[ISN] Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://www.popularmechanics.com/technology/industry/4253628.html

By Glenn Derene and Joe Pappalardo
Popular Mechanics
Published in the April 2008 issue

This past January, two brothers from Texas, Michael and Robert Edman, 
appeared in court to face federal charges of selling counterfeit 
computer equipment to, among others, the Air Force, Marine Corps, 
Federal Aviation Administration, Department of Energy, numerous 
universities and defense contractors such as Lockheed Martin. According 
to prosecutors, the pair, working largely out of Michael Edman's house 
in the rural town of Richmond, bought cheap network cards from a 
supplier in China. They also purchased labels and boxes carrying the 
logo of Cisco Systems, the U.S.-based hardware giant. Until a source in 
China tipped off the FBI, no one could tell that the parts were Cisco 
knockoffs rather than the real thing.

An attorney for the Edmans says that they, too, were victims—duped by 
overseas suppliers. But one thing is clear: The case is about a lot more 
than trademark infringement. Security experts warn that as supply chains 
become more global and more opaque, no one can be sure what parts are 
going into the computers that run, well, everything—from air traffic 
control towers to banks to weapons systems. Secretary of Homeland 
Security Michael Chertoff raised the issue recently at a briefing 
attended by Popular Mechanics and others [1]. "Increasingly when you buy 
computers they have components that originate ... all around the world," 
he said. "We need to look at ... how we assure that people are not 
embedding in very small components ... that can be triggered remotely."

Software vulnerabilities and online scams receive plenty of public 
attention. Viruses, Trojan horses, spyware, phishing schemes that trick 
people into providing financial data—all have made headlines in recent 
years. The emerging hardware threat is different. Imagine buying a 
computer, printer, monitor, router or other device in which malevolent 
instructions, or at least security loopholes, are etched permanently 
into the silicon.

Individuals, companies and federal agencies could all be at risk from 
foreign governments or criminal enterprises. A computer chip built with 
a subtle error might allow an identity-theft ring to hack past the 
encryption used to connect customers with their banks. Flash memory 
hidden inside a corporation's networked printers could save an image 
file of every document it printed, then send out the information. In a 
disturbing national-security scenario, overseas agents might be able to 
hard-wire instructions to bring down a Department of Defense system on a 
predetermined date or in response to an external trigger. In the time it 
took to bring the systems back online, a military assault could be 
underway.

[1] http://www.popularmechanics.com/blogs/technology_news/4237823.html

[...]

___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn