http://www.popularmechanics.com/technology/industry/4253628.html
By Glenn Derene and Joe Pappalardo
Popular Mechanics
Published in the April 2008 issue
This past January, two brothers from Texas, Michael and Robert Edman,
appeared in court to face federal charges of selling counterfeit
computer equipment to, among others, the Air Force, Marine Corps,
Federal Aviation Administration, Department of Energy, numerous
universities and defense contractors such as Lockheed Martin. According
to prosecutors, the pair, working largely out of Michael Edman's house
in the rural town of Richmond, bought cheap network cards from a
supplier in China. They also purchased labels and boxes carrying the
logo of Cisco Systems, the U.S.-based hardware giant. Until a source in
China tipped off the FBI, no one could tell that the parts were Cisco
knockoffs rather than the real thing.
An attorney for the Edmans says that they, too, were victims—duped by
overseas suppliers. But one thing is clear: The case is about a lot more
than trademark infringement. Security experts warn that as supply chains
become more global and more opaque, no one can be sure what parts are
going into the computers that run, well, everything—from air traffic
control towers to banks to weapons systems. Secretary of Homeland
Security Michael Chertoff raised the issue recently at a briefing
attended by Popular Mechanics and others [1]. "Increasingly when you buy
computers they have components that originate ... all around the world,"
he said. "We need to look at ... how we assure that people are not
embedding in very small components ... that can be triggered remotely."
Software vulnerabilities and online scams receive plenty of public
attention. Viruses, Trojan horses, spyware, phishing schemes that trick
people into providing financial data—all have made headlines in recent
years. The emerging hardware threat is different. Imagine buying a
computer, printer, monitor, router or other device in which malevolent
instructions, or at least security loopholes, are etched permanently
into the silicon.
Individuals, companies and federal agencies could all be at risk from
foreign governments or criminal enterprises. A computer chip built with
a subtle error might allow an identity-theft ring to hack past the
encryption used to connect customers with their banks. Flash memory
hidden inside a corporation's networked printers could save an image
file of every document it printed, then send out the information. In a
disturbing national-security scenario, overseas agents might be able to
hard-wire instructions to bring down a Department of Defense system on a
predetermined date or in response to an external trigger. In the time it
took to bring the systems back online, a military assault could be
underway.
[1] http://www.popularmechanics.com/blogs/technology_news/4237823.html
[...]
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
Comments