The scandal over programs such as DROPOUTJEEP, MONKEYCALENDAR, and IRATEMONK continue to be the top story on the netsec community’s lips since the news of their existence broke two short days after Christmas of last year. At the Chaos Communication Cogress in Hamburg, Germany, longtime friend and accomplice of Edward Snowden Jacob Applebaum took the stage to reveal how deep the rabbit hole of Tailored Access Operations really went.
One of the named co-conspirators, Dell, has come out to respond to the revelation of the “GODSURGE” hardware crack, which enabled the NSA to fit their own version of the JTAG debugging port to any Dell PowerEdge machine to gain full, undetectable access to the base layer of the system and all its installed components. What’s worse yet, is they were able to achieve this effect using off the shelf hardware that could not be traced back to the NSA based on proprietary technology alone.
In an official statement to The Register, Dell attempted to clear up any misconceptions that they were intentionally providing any open avenues into the back of their machines for the United States government or otherwise.
“We take very seriously any issues that may impact the integrity of our products or customer security and privacy. Should we become aware of a possible vulnerability in any of Dell’s products we will communicate with our customers in a transparent manner as we have done in the past.
Dell does not work with any government – United States or otherwise – to compromise our products to make them potentially vulnerable for exploit. This includes ‘software implants’ or so-called ‘backdoors’ for any purpose whatsoever.”
Dell was not the only company targeted in these attacks, as HP, Apple, and Microsoft all have specific parts and programs dedicated to cracking their specific architecture across a variety of firmware and software upgrades, and have independently come forward to deny any collusion with federal agencies in America or the UK.