Last week, it came out in the news that the American National Security Agency has been intercepting computers purchased from big companies like HP and Dell on route to the customer, and installing spyware for the purpose of spying on these customers. The tactic is called “interdiction”. Unluckily, this news came out 2 days after we ordered our brand new laptop from Dell.
I began my investigation to learn more about this revelation (thanks to Eddie Snowden himself), and what I discovered was something rather unnerving.
I began with calling Dell’s Customer Care phone center in India. I explained my concern and that I was possibly going to cancel my order pending more info. The operator responded instantly that yes, he was aware of this interdiction, and promptly followed up my question by telling me they had no information about it whatsoever. In fact, I was speaking with the wrong department entirely. To learn more, I must speak with the sales department. I asked to be transferred, but was met with another apology- sales representatives are only available online via Dell’s instant chat service. Well enough. That night I was 8th in line for the queue to chat with someone and decided to try again another day.
Now, I live in Canada. You may be asking, why is Ashta so paranoid about the American NSA be interested in spying on her? I’ve been keeping a close ear on all the coverage emerging, and apparently, the NSA is interested in spying on EVERYBODY. Here’s an article from Winnipeg’s Global Research, and the national CBC talking about this very thing.
Stuff *known and proven* about this:
- The division is called Tailored Access Operations, and has hundreds of employees.
- The malware/spyware is installed on your hard disc, meaning even if you format and re-install your whole operating system, it will remain.
- Not only does it remain, upon connecting to the internet, it prompts remote reinstallation of the malware/spyware
- Dell is the only company that has come out with a statement saying they do comply with interdiction
A couple days later, I have the following chat with Nikkil Cheruku (who was also in India).
|01/02/2014 04:27:45PM||Agent (Nikhil_Cheruku): “Hi Ashta :)”|
|01/02/2014 04:28:42PM||Ashta Cormier: “Hello”|
|01/02/2014 04:29:08PM||Ashta Cormier: “i have placed an order already, but im considering acancellation”|
|01/02/2014 04:29:13PM||Ashta Cormier: “maybe you can hep me decide”|
|01/02/2014 04:29:23PM||Agent (Nikhil_Cheruku): “Glad you have chatted in today, I willbehappy to help you with the information.”|
|01/02/2014 04:29:27PM||Agent (Nikhil_Cheruku): “let me know the order number, sothat I canpull up the information for you”|
|01/02/2014 04:29:52PM||Ashta Cormier: “There is no order number yet. My customernumberis 666xxx”|
|01/02/2014 04:30:13PM||Ashta Cormier: “recent news has come out about the NSAinstalling spyware on Dell computers being shipped to customers”|
|01/02/2014 04:30:39PM||Ashta Cormier: “Are you aware of this process called “interdiction”?”|
|01/02/2014 04:31:04PM||Agent (Nikhil_Cheruku): “i am sorry about that,we are not aware of that”|
|01/02/2014 04:31:15PM||Agent (Nikhil_Cheruku): “we see that there is no order placed”|
|01/02/2014 04:31:38PM||Agent (Nikhil_Cheruku): “let me know the payment method that youhave used at the time of placing the order”|
|01/02/2014 04:32:03PM||Ashta Cormier: “On december 28th i placed an order for an inspiron15r using credit card”|
|01/02/2014 04:32:14PM||Ashta Cormier: “totalling just under $xxxx”|
|01/02/2014 04:32:43PM||Ashta Cormier: “i got notice that it has been acknowledged,but notyet processed.”|
|01/02/2014 04:33:34PM||Agent (Nikhil_Cheruku): “Ashta, the order is not processed, it hasto beprocessed manually by the online order processing department”|
|01/02/2014 04:34:28PM||Ashta Cormier: “How long does that take?”|
|01/02/2014 04:35:25PM||Agent (Nikhil_Cheruku): “it will take 24 hours time to process the orderdo you want to place a request to cancel this order before placing it?”|
|01/02/2014 04:36:25PM||Ashta Cormier: “but its been 5 days since placing the order. is that typicalfor processing?”|
|01/02/2014 04:37:57PM||Agent (Nikhil_Cheruku): “i am sorry about that, Ashta, the online orders dueto the holiday season are on hold, and let me place a request to place theorder in the next 3 – 4 hours and email the order confirmation to you”|
|01/02/2014 04:39:03PM||Ashta Cormier: “Can Dell insure that my privacy will not be violated, i wantsome kind of assurance that the packaged shipped from Dell will not makeit into the hands of the NSA. is this possible?”|
|01/02/2014 04:39:39PM||Ashta Cormier: “does the computer get assembled and shipped from theUS or Canada?”|
|01/02/2014 04:40:14PM||Agent (Nikhil_Cheruku): “No Ashta, Dell Computers will not be installedwithany other program or softwares which is not mentioned or any spywarewith out informing you”|
|01/02/2014 04:40:35PM||Agent (Nikhil_Cheruku): “Ashta, only the softwares which are mentionedin the order confirmation will be installed”|
|01/02/2014 04:41:20PM||Ashta Cormier: “what country will it come from?”|
|01/02/2014 04:41:52PM||Agent (Nikhil_Cheruku): “the computer will be shipped from Texas, USA”|
|01/02/2014 04:42:05PM||Ashta Cormier: “http://www.forbes.com/sites/erikkain/2013/12/29/report-nsa-intercepting-laptops-ordered-online-installing-spyware/“|
|01/02/2014 04:43:21PM||Ashta Cormier: “How can you be sure, when the above articledocuments this happening?”|
|01/02/2014 04:44:34PM||Ashta Cormier: “here’s a better one: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.html“|
|01/02/2014 04:45:52PM||Agent (Nikhil_Cheruku): “Ashta, it is a generalized information andDell Computers will not be installed with any spyware”|
|01/02/2014 04:45:53PM||Ashta Cormier: “i’m just looking for some assurance further thanthis chat.”|
|01/02/2014 04:46:43PM||Ashta Cormier: “how can you make sure my package is not interceptedby another party?”|
|01/02/2014 04:47:39PM||Agent (Nikhil_Cheruku): “the package will not be intercepted by any 3rdparty, it is direct from Dell to your place in a sealed box”|
|01/02/2014 04:49:59PM||Ashta Cormier: “ok. i will print this chat out in case i need to use it in asuit. Were you personally aware of this recent news?”|
|01/02/2014 04:50:30PM||Ashta Cormier: “You can go ahead and “place a request to place the orderin the next 3 – 4 hours and email the order confirmation to you””|
|01/02/2014 04:51:33PM||Agent (Nikhil_Cheruku): “i was not aware of the news. However, no computerwas installed with any such spyware from Dell .”|
|01/02/2014 04:51:49PM||Agent (Nikhil_Cheruku): “thank you , we have placed a request to placethe order”|
|01/02/2014 04:54:15PM||Ashta Cormier: “thanks for your help”|
|01/02/2014 04:54:17PM||Ashta Cormier: “http://www.computerworld.com/s/article/9245064/The_NSA_intercepts_computer_deliveries_to_plant_spyware“|
|01/02/2014 04:54:22PM||Agent (Nikhil_Cheruku): “you are welcome”|
|01/02/2014 04:54:39PM||Ashta Cormier: “specifically mentions Dell”|
|01/02/2014 04:54:42PM||Ashta Cormier: “^”|
|01/02/2014 04:56:27PM||Ashta Cormier: “and this article says Dell officials comply: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html“|
|01/02/2014 04:56:44PM||Ashta Cormier: “sorry, Dell officials *said* they do comply”|
|01/02/2014 04:57:29PM||Ashta Cormier: “for your information. i suspect you’ll have to field similarconcerns in the future”|
|01/02/2014 04:58:11PM||Agent (Nikhil_Cheruku): “Ashta, let me forward the article to my managerand email the information to you before processing the order”|
|01/02/2014 04:59:38PM||Ashta Cormier: “i understand that its happening… just as long as it doesn’thappen to my computer. if that can be arranged, i will feel comfortable withprocessing the order.”|
|01/02/2014 05:00:43PM||Ashta Cormier: “i welcome a telephone call from your manager ifpossible. 250-xxx-xxx“|
|01/02/2014 05:01:44PM||Agent (Nikhil_Cheruku): “yes, Ashta, you will receive a call beforeplacing order”|
|01/02/2014 05:02:17PM||Ashta Cormier: “thank you very much.”|
|01/02/2014 05:02:22PM||Agent (Nikhil_Cheruku): “you are welcome”|
|01/02/2014 05:02:39PM||Ashta Cormier: “i trust that the balance has not yet been take from mycredit card,right?”|
|01/02/2014 05:02:48PM||Ashta Cormier: “taken*”|
|01/02/2014 05:03:16PM||Agent (Nikhil_Cheruku): “no, the credit card is not yet charged, once youreceive the order confirmation and the order being shipped from Delldepot your card will be charged”|
|01/02/2014 05:03:31PM||Ashta Cormier: “ok good”|
|01/02/2014 05:06:41PM||Agent (Nikhil_Cheruku): “thank you”|
|01/02/2014 05:07:51PM||Agent (Nikhil_Cheruku): “Thank you for choosing Dell Sales Chat andhave a wonderful Evening”|
|01/02/2014 05:08:29PM||Agent sent nudge|
|01/02/2014 05:08:32PM||Ashta Cormier: “you too.”|
The next day, I got a phone call from Customer Care. As per the promise of Nikhil, I am expecting this call to begin with reference to my concern about the computer being intercepted by the American government to install spyware on my product. Instead, this rep begins our conversation with “I’m calling to confirm your change in shipping address.”
Trying not to sound too shocked, I ask “What has the address been changed to?” The rep reads me a Canadian address in a city located in Southern Ontario. I ask him to spell out the street name and confirm the postal code as I write it down. I instruct him to change the shipping address back to the original one; my house. He sounds a little confused, but confirms this is done.
I ask him then if there are any other notes on my account regarding the recent news of interdiction occurring and my concern via chat about Dell publically admitting their compliance. He says no, “but may I place you on hold to request your chat log be sent to me?” I agree. He places me on hold. After waiting a while, he comes back on the line and says that he’s gotten the chat, and may I mind holding while he reads it? I don’t mind. On hold again. After a longer while, he came back on the line with a different tone of voice, uneasily reassuring me that Dell will not install any software unspecified in my order. I asked if he was personally aware of this recent news, and he said no. I asked what kind of assurance could he give me that my package will not be tampered with from the factory to my home. He explained (a little short of patience?) that if the box looks like it has been opened when it arrives at my home, to not open it, and call Dell right away. I agree to have my order processed and sent directly to my house. We hang up.
The next task at hand: to find out about this random address my package was about to be shipped to.
Thanks to the internet, I was able to not only find the address and see it from google streetview, but also discover the two businesses registered to this very same address (including the ‘lower level” specification). Street view showed me a half-rundown neighbourhood centering on a typical middle-to-lower-class residential household (number confirmed), with a few expensive vehicles in the driveway. Advanced searches led me to the two businesses: a designated driver service for hire on New Years (complete with a suped up skookum website), and an SMO-expert-for-hire service.
Social Media Optimization: SMO is similar to search engine optimization (SEO) in that the goal is to generate traffic and awareness for a website. In general, SMO refers to optimizing a website and its content in terms of sharing across social media and networking sites. Social media optimization is considered an integral part of an online reputation management (ORM) or search engine reputation management (SERM) strategy for organizations or individuals who care about their online presence.
Whoa. So… from what I can tell, my package was about to be sent to some person who’s good at computer networking and directing online stuff.
Why did Dell have this specific address? Why was my computer going to be sent there? Would this person (who operates a basement-based computer business) have eventually sent me my package? What would they have done to it? I have their name and number, should I call and ask them? Does the NSA contract out their dirty work to computer-savvy individuals?
Here’s a Rap News from the Juice Media that explains some stuff about how crazy this all is…
Here is the transcript in case you missed any of the ill lyrics