Cisco Complains To Obama About NSA Adding Spyware To Routers 297
pdclarry (175918) writes "Glenn Greenwald's book No Place to Hide reveals that the NSA intercepts shipments of networking gear destined for overseas and adds spyware. Cisco has responded by asking the President to intervene and stop this practice, as it has severely hurt their non-U.S. business, with shipments to other countries falling from 7% for emerging countries to over 25% for Brazil and Russia."
Why bother with tricks? (Score:5, Insightful)
Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
Or did they co-operate in this way to prevent whistle-blowing or counterintelligence at the factory?
In any case, I doubt Cisco didn't know about this. They are probably trying to save their face after a third party uncovered this.
Re:Why bother with tricks? (Score:5, Informative)
Actually, no. They can ASK Cisco to do this, but they have no legal power to order them to do this.
Now, they may quietly PRETEND they have the legal power to order this, and phrase their request as an order. But they really can't do much if Cisco ignores them.
Re: (Score:2)
Re: (Score:2)
What in the patriot act gives them this power?
Re:Why bother with tricks? (Score:5, Informative)
What in the patriot act gives them this power?
You don't need the power officially. They have ways of getting what they want.
And here [dailycaller.com]
I'm not saying anything in particular about Cisco's vulnerability to pressure from the NSA. I'm just saying they don't necessarily need explicit legal power to get what they want.
Re:Why bother with tricks? (Score:5, Insightful)
What in the patriot act gives them this power?
You don't need the power officially. They have ways of getting what they want.
In other words, once you start sucking on Satan's cock, you're not allowed to stop. Ever.
There's a lesson to be learned there...
Re:Why bother with tricks? (Score:5, Insightful)
Actually you can, Cisco can start hiring contractor security firms and get more guns than the NSA. an NSA agent that has a M16 rifle pushed in his face by contractors and being told to "please leave the premises..... SIR!" has two options, he can leave or he can be killed in self defense.
A large very rich corperation can get away with a hired army to protect themselves from the government.
but that slippery slope is very steep and very very slippery.
Re: (Score:2)
Or, he is blaming his incompetence on the government.
Re:Why bother with tricks? (Score:5, Funny)
You cant, It's a criminal offense to actually read that part of the patriot act.
Re: (Score:2)
Have you?
http://www.gpo.gov/fdsys/pkg/B... [gpo.gov]
Re:Why bother with tricks? (Score:5, Insightful)
Actually, no. They can ASK Cisco to do this, but they have no legal power to order them to do this.
Now, they may quietly PRETEND they have the legal power to order this, and phrase their request as an order. But they really can't do much if Cisco ignores them.
Except, you know, throw them in prison without a trial.
An agency with no oversight, who's "requests" cannot be questioned openly without charges of treason, has the power to do anything they want to anyone they want.
Re:Why bother with tricks? (Score:5, Insightful)
Several things:
1) "whose". Illiteracy doesn't actually make your arguments better.
2) Treason is defined by the Constitution. Article 3, Section 3. Learn it, love it, live it. There's a reason why people don't get charged with treason all that often. Note that Snowden did NOT get charged with treason. Do you really think anyone at Cisco can be charged with treason if they can't charge Snowden with it?
3) thank you for agreeing with me. They have no legal power to do so, though they can PRETEND they do by phrasing requests as orders. Alas, ignoring them doesn't actually get you in trouble.
Wildly out of touch (Score:2, Insightful)
The U.S. government is extremely corrupt. It is silly to talk about the constitution and law when there are many situations in which people operating with the power of the U.S. government do not feel bound by any law.
Re: (Score:2)
Alas, ignoring them doesn't actually get you in trouble.
Not explicitly, and not obviously. It will, however, probably lead to you not being invited to quote for government pork-barrel business anymore, and more than one very lengthy visit from the IRS. It doesn't matter whether it's legal or not legal anymore, it only matters if you have more firepower (legal, political, or otherwise) than they do.
Re: (Score:3)
It doesn't matter whether it's legal or not legal anymore, it only matters if you have more firepower (legal, political, or otherwise) than they do.
Anymore? This is the way it's always been. The good old Catch-22.
Re: (Score:3)
â¦. and no one has more firepower than they do.
Re:Why bother with tricks? (Score:4, Informative)
Alas, ignoring them doesn't actually get you in trouble.
Yeah, right.
Joseph Nacchio [foxbusiness.com].
Three Felonies a Day [amazon.com].
Re: (Score:2)
They have no legal power? The average person commits what, 23 Felonies a day. They just pick one, make it stick, and get you to play ball. If you still refuse, well I suggest looking up what happened to Qwest's CEO when he refused to play ball.
Re: (Score:2)
Re:Why bother with tricks? (Score:5, Insightful)
What they do is use their total information awareness to find some excuse to put the executives in prison for a completely different reason. The difference matters little to the executive.
Now, who would do [dailycaller.com] such a thing?
Re: (Score:2)
Now, they may quietly PRETEND they have the legal power to order this, and phrase their request as an order. But they really can't do much if Cisco ignores them.
That is like saying the mafia may quietly pretend to have the power to shut down your business if you don't do what they want. While the NSA may not have the authority, on paper, they certainly have the ability to press the issue by "extralegal" means and have verifiably done so in the past.
Re:Why bother with tricks? (Score:5, Insightful)
NSA proprietary information (Score:3)
I doubt that the NSA would like Cisco to know how/what they are doing to their routers.
Re: (Score:2)
Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
Not if the factory is in China.
Re:Why bother with tricks? (Score:4, Insightful)
Not if the factory is in China.
And now China has political cover if we notice them inserting their own changes into, say, the ethernet PHY compromising every router regardless of firmware revision. Or adds their own Stuxnet onto the support CDs included with the router.
Re:Why bother with tricks? (Score:5, Insightful)
Why does NSA have to do this? Can't they just order Cisco to install this in their factory?
Why risk someone at Cisco running to the press? Best to keep them out of the loop.
Re: (Score:2)
The outrage from investors, institutional investors, trust funds, technical staff, political leaders, ex staff, the legal teams has to be 100% real.
The "Never believe in anything until it has been officially denied" has to look and sound real every decade.
The academics have to stay tame, the political leaders have to legally make been a whistleblower in the US difficult, the end users stay unaware....
Once the trick
Re:Why bother with tricks? (Score:5, Insightful)
If it weren't for Edward Snowden, Cisco would have never been able to complain--because no one would have ever known it was happening. Keep in mind that the NSA had been doing this kind of stuff for OVER 10 YEARS without a significant leak. So you can't blame them for functioning under the assumption that neither Cisco nor anyone else was ever going to know it was happening (until about 75 years from now, when it's finally declassified).
Re:Why bother with tricks? (Score:4, Informative)
The Martin and Mitchell defection in 1960 did offer the hint 'intercepting and deciphering the secret communications of its own allies"
https://en.wikipedia.org/wiki/... [wikipedia.org]
There where a few magazine and books over the 1970-80's that also offered a view of global telco reach, indexing, storage and tracking under ECHELON.
Copper, optical it all has to move via some nations backhaul... that so cheap peering loop
The reading back to the press of embassy traffic sent on trusted crypto should have been a hint.
So "anyone else was ever going to know" seems to be a lot of nations where happy to see their telco systems entire output shared with 5 other nations (and a few others) for decades in some form as part of a mil deal.
Re: (Score:2)
He never publically advacated for it, he was publiched posthumously.
Why bother with tricks? (Score:4, Insightful)
See Plausible deniability [wikipedia.org]
Plausible deniability is a term coined by the CIA in the early 1960s to describe the withholding of information from senior officials in order to protect them from repercussions in the event that illegal or unpopular activities by the CIA became public knowledge.
It's roots go back to Eisenhower's NSC Directive NSC 5412 of March 15, 1954, which defined "covert operations" as "...all activities conducted pursuant to this directive which are so planned and executed that any U.S. Government responsibility for them is not evident to unauthorized persons and that if uncovered the U.S. Government can plausibly disclaim any responsibility for them." [NSC 5412 was de-classifed in 1977, and is located at the National Archives, RG 273.]
Otherwise known as "They think you're a fucking dumb cunt."
Re: (Score:2)
if Cisco was honest, they would send to each customer upon registering the product a nice file that will reinstall the clean OS and eradicate the crap the NSA is doing.
But Cisco is far from honest as a company, so they are probably whining that they are not being PAID to install the back doors.
Re: (Score:2)
You hope it's only a firmware change. Altering hardware would be nearly impossible to detect by anybody but cisco and potentially very hard to do without destroying the part in the process.
PS Cisco will send you the current firmware for a new product it's just a PITA if it does not have smartnet.
Hardware level changes? (Score:3)
I would assume that whatever the NSA is doing to this equipment must make hardware changes. If reflashing with new IOS loads "fixed" NSA compromises, I would expect it wouldn't be a very successful program as firmware upgrades would close the back doors.
They must be making changes to hardware in some way that are transparent to IOS and possibly not even visible to someone doing field replacement of internal modules.
It's kind of crummy they do it at all, but it would be pretty fascinating to see how they ar
Re: (Score:2)
Hypocritical (Score:5, Interesting)
Re: (Score:2, Informative)
The NSA has not been caught red-handed, either. The article even points out that the pictures have not been independently verified.
Re: (Score:2)
At least they can't stand behind "Any disclosure puts people at risk" in this instance, unless "people" is the guy in the photo opening up Cisco kit and "in danger" means "desk duty".
Re: (Score:3)
Re:Hypocritical (Score:5, Insightful)
I'm glad America approves me hacking American systems and spying on American people. After all, foreigners are fair game, and Americans are foreigner to me, so...?
Re: (Score:2)
Oddly enough, the NSA's MANDATE is "foreign signals intelligence". Note that word "foreign" - it's important.
Also oddly, EVERY OTHER spy agency on the planet spies on *gasp* FOREIGNERS!
For the NSA, anyone who isn't powerful isn't in the 'club', and that's foreign enough. Other spy agencies are valuable as propaganda cover though. If the NSA facilitates domestic spying by them then 'swaps' intel, both agencies claim they aren't spying on citizens! And if they pay or coerce local businesses to spy and turn over the data, why the intel is laundered so it's clean. And clean means it's ok!
Re:Hypocritical (Score:5, Insightful)
It takes one to know one. The US government was afraid of that kind of thing exactly because they knew they were doing it to everybody else.
Re:Hypocritical (Score:4, Interesting)
How do you think the NSA found the Chinese back doors?
Kinda of a duh moment don't you think?
Re: (Score:3)
How do you think the NSA found the Chinese back doors?
The NSA has not found any Chinese backdoors.
Re: (Score:2)
Can't help myself here. Using ridiculous reverse logic of a TV intelligence interrogator.
So you are admitting that you are aware of Chinese back doors that are not currently known about by legitimate parties?
Tell me what you know of these back doors.
And tell me how we can use them.
Re:Hypocritical (Score:5, Interesting)
I find it funny how the US government accused Huawei and ZTE of building in backdoor access while engaging in the exact same practice.
It's funny. I was watching the news this morning and one of the lead stories was about the arrest of a bunch of Chinese officials for "cyberspying." And the first thing that I thought when I saw that was "I wonder what the Administration is trying to hide with this stunt." So I come on Slashdot and this is the first story I see this morning. Guess I know now why those Chinese dudes got arrested.
Smart strategy. Whenever a story breaks about YOUR cyberspying, just stage a distraction stunt to highlight OTHER COUNTRY'S cyberspying.
Re: (Score:2)
I find it funny how the US government accused Huawei and ZTE of building in backdoor access while engaging in the exact same practice.
It's not "funny", it's rational - as domestic people moved to Huawei equipment, they lost some of their ability to spy. Throw out a scare story, drive people back to the platforms with developed intercepts.
If you have to choose between a government with police powers over your body knowing what you say in private and one half way across the world where you don't go knowing
Re:Hypocritical (Score:5, Insightful)
In the case of Cisco most of the world can trust their gear with the exception of people who are direct targets of the NSA.
If there is anything we have learned since the Snowden Saga started, it is that most of the world are direct targets of the NSA. That is, your post is self-nullifying and vanishes in a poof of logic.
Re: (Score:2)
The accusations against Huawei and ZTE are that they have engineered back doors into every piece of equipment. Where the accusation against the NSA is that they have compromised Cisco equipment going to individual customers and suspect countries. I see a significant difference there. In the case of Huawei and ZTE it means you can pretty much never trust their gear. In the case of Cisco most of the world can trust their gear with the exception of people who are direct targets of the NSA.
Would someone please mod the above 'funny'. That was a joke, wasn't it?
I'm sure, given the previous revelations about us tapping our allies' leaders phones, that most of our allies are going to be quite leery of Cisco gear for quite some time. Also, It may well be that Huawei and ZTE have back doors, but where's the evidence? I'm sure multiple parties have disassembled their code and looked, but I haven't heard any corroboration. It's not like anyone took pictures of Chinese government operatives modify
Re: (Score:2)
yeah right. having the capability to put a backdoor in one piece of equipment at the factory isn't marginally cheaper than putting it in all of them.
From the NSA's perspective it would be more like "backdoor them all, just in case".
Re: (Score:2)
erm. typo.
" isn't marginally cheaper" should read "IS only marginally cheaper"
Re: (Score:2)
Re: (Score:2)
If Glen Greenwald is involved in the story, then it's ALL for show.
How so? Are you implying that Greenwald is a shill? Or that he's not a credible journalist? If so, how about some proof?
Greenwald is only putting on a show? (Score:3)
That is odd, I thought FOX News, CNN, MSNBC were all putting on shows with entertaining gossip, talking heads with poor track records (but good ratinings) and other infotainment BS? Why would I bother to READ anything Glen Greenwald writes when I can turn in simple minded entertaining tripe that will not depress me?
High profits and high ratings come from being ALL SHOW. I think you have him confused with most the media.
The ONLY reason Greenwald makes a living competing against the infotainment industry is
What a freak show (Score:4, Informative)
Re: (Score:2)
Some time during the cold war the telco system went more digital with US 'wiretap' friendly software and hardware to track everybody within that nation.
Staff are trained, generals and the security services are happy, the next generation of staff are trained... after a while the political class just enjoys crypto junk they are handed by their nations best.
How can a small set of a nations experts stand up to their own political c
physical inspections/software images (Score:2)
Make the top of the case clear so that the physical modifications are easy to see and encourage reflashing of images to checksumed versions.
How do you know if your hardware has this? (Score:5, Funny)
In Soviet Russia, the Internet surfs you (Score:2)
In possibly related news, Russia is building their own Internet! [themoscowtimes.com] With central control! And domestic payment system! And in fact, screw the whole "inter" thing...
Under a heart-warming name "Cheburashka". [wikipedia.org]
Not sure if this is directly related to the 28% Cisco orders decrease.
Re: (Score:2)
The Dark Ages are returning!
Too late (Score:5, Insightful)
Problem is that there is pretty much no possible way Cisco can put the toothpaste back in the tube. They have no simple way to prove to potential customers that their gear hasn't been hacked or compromised in some way. The actions (real or perceived) of the NSA have basically screwed a number of US companies in overseas markets where security is any sort of a concern.
Basically even the perception that the NSA may have compromised the equipment is enough to keep people from buying Cisco. Of course then the question becomes who do you trust? The Chinese make a lot of gear but they are probably trusted even less than the Americans if anything. Unless the gear is manufactured domestically under supervision it's unclear how you ensure that no one has introduced undesirable code/hardware.
Re: (Score:3)
They have no simple way to prove to potential customers that their gear hasn't been hacked or compromised in some way.
Maybe ask Apple for help, since they allowed them to use the name "iOS" for their operating system. The essential parts of the operating system on iOS are signed with Apple's private key and don't work otherwise. Even if there was a "jailbreak", you can reset an iPhone and you know that all hacks are gone. The phone also allows new OS software only if it is signed by Apple. That should be equally possible on an Cisco router. (You can get around this with a jailbreak, but the important point is that at a cus
Re: (Score:2)
Well, as we already know, private keys in the US not necessarily private.
Even a simple court order might end up with giving normal "law enforcement" personal access to the private key.
The NSA does not operate with THAT much publicity.
Re: (Score:2)
Still doesn't work (Score:2)
The phone also allows new OS software only if it is signed by Apple. That should be equally possible on an Cisco router.
If Cisco can monitor your gear, so can the NSA. You are presuming that Cisco actually is not in cahoots with the NSA. While it is certainly possible Cisco is not working with the NSA, a foreign buyer cannot assume that is true because they have no way to confirm.
Re: (Score:2)
enough to keep people from buying Cisco
Do we think that it is just Cisco routers that are affected?
Re: (Score:2)
It's really hard to believe Cisco did not know about this. They were either cooperating (even if just by turning a blind eye) or incredibly incompetent. As you say, it will indeed be very difficult for them to gain anyone's trust.
It would probably take them all but 5 minutes to have one of their Chinese employees dump the firmware and compare the checksums to known vanilla sources. I can't believe a large company wouldn't have this as part of their regular process.
Re: (Score:2)
You know, if you buy hardware and a support contract, you want to download the latest (and/or greatest) image for your device and reflash it yourself anyway. So how are all these people getting compromised in the first place? I never trust a cisco product will work properly until I flash IOS (or whatever) to it myself and see it flash without error.
Re: (Score:2)
Don't complain. Sue. (Score:4, Interesting)
Don't complain. Sue.
Re:Don't complain. Sue. (Score:4, Informative)
Don't complain. Sue.
"State secrets".
Allowing the lawsuit to proceed will expose state secrets and undermine the all-important War on Terror.
Next suggestion?
Re:Don't complain. Sue. (Score:5, Funny)
Feeling ashamed (Score:5, Insightful)
...to think 40 years ago we were on the brink of nuclear war with a country that did shit like this.
Re: (Score:2, Insightful)
You're Russian?
Re: (Score:2)
Re: (Score:2)
USA advised Australia not to purchase chinese (Score:5, Insightful)
Re: (Score:2)
It is possible that the Aussie spy agencies were working with the US to more thoroughly compromise Aussie network infrastructure.
Comment removed (Score:4, Insightful)
Why! Cisco gear is manufactured in the USA. (Score:2)
Re: (Score:2)
Obama will surely help (Score:2, Funny)
He'll, you know, speak truth to power! He'll battle the NSA on our behalf!
He'll, he'll uh... Oh, never mind.
DIY routers looking better all the time (Score:5, Informative)
Putting open source routing software on a rack-mount PC equipped with a few NICs is looking better all the time. Since the open source routing software solutions are getting quite good, this is doable. I did it and wouldn't go back:
About three years ago I noticed that our Cisco routers were a bottle-neck, worryingly old, and I was the only member of my staff comfortable with their CLI. We definitely did not have the budget to buy new Cisco routers, so I looked into HP and D-Link layer-3 switches. They were still too expensive. We used OpenWRT on some wireless routers, so the idea of using open source routing software was not new to us. Tested using plain Linux as a router. That worked, but was (way) over my staff's head. Tried Vyatta on the same hardware. At that time Vyatta's web-interface was a joke, making it no better than plain Linux for our purposes. (The web-interface may have improved since then and as a virtual router in a VM environment, Vyatta looks quite good.) Untangle was decent, but all of the interesting features had to be bought, which nullifies most of the advantages of it being open source. Heard about pfSense on the Linux Action Show and gave it a try.
Testing pfSense and learning its feature-set convinced us that it could do everything we needed (NAT, routing/firewalling between VLANs and the outside world) as well as do some other nice tricks (VPN concentrator, web caching/filtering, nice graphs of important stats, logging web usage, acting as a DHCP and DNS server, etc.). Basically, pfSense does everything that OpenWRT does and more since it expects to be run on more powerful standard hardware. Since it runs on standard hardware, the community isn't as fragmented as with OpenWRT, and more of pfSense's users are applying it in a professional environment, so the community support is quite good. The paid support is excellent. Being able to replace a failing router or NIC with something we had on the shelf is nice too.
So we had an open source routing solution that fit our needs, and much better than Cisco's offerings. But shifting all of our routing from Cisco to pfSense was a bold move. The Huawei story was the clincher for us. If Huawei did it, Cisco could too. That realization lead to my decision to always use an open source solution on network edge devices. This story seems to support that decision.
Well it's a good thing.... (Score:5, Informative)
Instead of buying backdoored equipment that's been tampered with by NSA employees, I replaced a $6,000 Cisco AVA box with a 1U dual-core atom box running pfSense for about a grand. I've also reflashed the various WRT-series routers in the field with DD-WRT. ....And now our official new IT policy is "thou shalt not buy Cisco/Linksys gear".
Way to go NSA, you sank what little remains of the US tech industry. And it's not Snowden's fault in the least for revealing the crimes and assault on our liberty at the hands of the NSA. It's the NSA's fault for committing the serious crimes against their own people in the first place. They should be shut down, tarred, feathered and put on trial for becoming domestic terrorists. Don't tread on me.
Re: (Score:2)
Someday when Lord Christ Obama is President (Score:3, Informative)
He can fix all the things.
Re:Hey Obama (Score:4, Insightful)
You understand the complaint is that they BOUGHT the congress, so they could have the tax code changed so they could legally shift their share of tax responsibility to others? So, while yes you are technically correct, you, and they, are so morally bankrupt I can't understand how you can live with yourself.
Re: (Score:2)
Considering that the article you're referring to doesn't even IMPLY that they "bought" Congress, merely that they would like Congress to do them a favour....
Note that if they'd "bought" Congress, they'd not be having to publicly ASK for a tax holiday - they could just quietly get the tax holiday inserted into some completely unrelated bill so noone would notice.
Note also that the laws you seem to think they "bought" actually predate the existence of Cisco (actually, they predate the computer industry), so
Re: (Score:2)
you, and they, are so morally bankrupt I can't understand how you can live with yourself.
I suspect that their moral bankruptcy has a lot to do with enabling them to live with their moral bankruptcy. It's a self-justifying sort of thing.
Re: (Score:3, Informative)
they BOUGHT the congress, so they could have the tax code changed so they could legally shift their share of tax responsibility to others?
Except that is not what happened. America is the only country in the world that taxes extraterritorial income, payable upon repatriation of the profits. Corporations have been lobbying for years to have this changed, rightfully pointing out that it pushes both profits and jobs overseas while collecting very little tax revenue. If we made some sensible reforms, the corporate tax rates would be lower, but amount actually collected would be higher. Cisco, along with many other corporations, support these r
Re: (Score:2)
You understand the complaint is that they BOUGHT the congress, so they could have the tax code changed so they could legally shift their share of tax responsibility to others? So, while yes you are technically correct, you, and they, are so morally bankrupt I can't understand how you can live with yourself.
What actions are you taking to remove this kind of power from Congress?
Just since we're having a "no you're the hypocrite'" thread and all...
Re: (Score:2, Informative)
The biggest people complaining about this seem to be Rand Paul and sadly only a few others. Meanwhile the stupid and annoying cunts Barbara Boxer and Nancy Pelosi circle jerk around how we need this surveillance state.
Re:The GOP are going to have a meltdown (Score:5, Insightful)
I am unsure if you realize this, but for the last 6 years Obama has been President, with the democrats owning the Senate since well before that. The biggest people complaining about this seem to be Rand Paul and sadly only a few others. Meanwhile the stupid and annoying cunts Barbara Boxer and Nancy Pelosi circle jerk around how we need this surveillance state.
I am unsure if you realize this but even the Republican mainstream will not fight too hard to get rid of Big Brother.
Government whores just want more government power over the people. Republicans and Democrats are to blame for this shit.
Re:No. And there is a precedent. (Score:4, Interesting)
The Republican spin machine will easily manipulate their "base" to not only accept it, but DEMAND that the big corp's profits are protected at the base's expense.
Let's face it, the electorate is informed by mass media and mass media is incompetent and in bed with their corporate masters.
You can't have it both ways. Either they're willful manipulators or incompetent buffoons, but not both. At the most they might be willful manipulators pretending to be incompetent buffoons, but that is not the same thing.
Re: (Score:3)
Re: (Score:2)
It's safer to assume that they all are both.
Re: (Score:2)
mormon === scientology you must mean stupidity not liberalism
If you equate Mormonism with Scientology, you have a lot to learn. Please study what we truly believe (http://www.lds.org and http://www.mormon.org/ [mormon.org] instead of what people say we believe.
Re:No. And there is a precedent. (Score:5, Insightful)
Teach people that your religion *acts well*. That should be your central difference with Scientology -- the Scientologists break the law to spy on and destroy their enemies, while legitimate religions treat people fairly. Belief does not matter at all. The way a religion acts is what makes them honorable or criminal.
Re: (Score:3)
Re: (Score:3)
I don't know if we ever will receive the precise details of this NSA operation, but I would still like to know:
1) How was the integrity of the shipping chain tainted? At which point NSA grabbed the devices and who allowed them to do this?
2) What does this "spyware" do, and does this mean a modified system firmware or something else?
Most of that is covered in Greenwald's book, and also in the NSA documents that have been released. The specific physical interception point is not described, but the modified firmware is. Once the router goes into service it "phones home" periodically and allows NSA to send monitoring instructions.