http://www.nytimes.com/2008/05/09/technology/09cisco.html
By JOHN MARKOFF
The New York Times
May 9, 2008
SAN FRANCISCO — Counterfeit products are a routine threat for the
electronics industry. However, the more sinister specter of an
electronic Trojan horse, lurking in the circuitry of a computer or a
network router and allowing attackers clandestine access or control, was
raised again recently by the F.B.I. and the Pentagon.
The new law enforcement and national security concerns were prompted by
Operation Cisco Raider, which has led to 15 criminal cases involving
counterfeit products bought in part by military agencies, military
contractors and electric power companies in the United States. Over the
two-year operation, 36 search warrants have been executed, resulting in
the discovery of 3,500 counterfeit Cisco network components with an
estimated retail value of more than $3.5 million, the F.B.I. said in a
statement.
The F.B.I. is still not certain whether the ring’s actions were for
profit or part of a state-sponsored intelligence effort. The potential
threat, according to the F.B.I. agents who gave a briefing at the Office
of Management and Budget on Jan. 11, includes the remote jamming of
supposedly secure computer networks and gaining access to supposedly
highly secure systems. Contents of the briefing were contained in a
PowerPoint presentation leaked to a Web site, Above Top Secret.
A Cisco spokesman said that the company had investigated the counterfeit
gear seized by law enforcement agencies and had not found any secret
back door.
“We did not find any evidence of re-engineering in the manner that was
described in the F.B.I. presentation,” said John Noh, a Cisco spokesman.
He added that the company believed the counterfeiters were interested in
copying high volume products to make a quick profit. “We know what these
counterfeiters are about.”
An F.B.I. spokeswoman, Catherine L. Milhoan, said the agency was not
suggesting that the Chinese government was involved in the
counterfeiting ring. “We worked very closely with the Chinese
government,” she said. Arrests have been made in China as part of the
investigation, she said. “The existence of this document shows that the
cyber division of the F.B.I. has growing concerns about the production
and distribution of counterfeit network hardware.”
Despite Cisco’s reassurance, a number of industry executives and
technologists said that the threat of secretly added circuitry intended
to subvert computer and network gear is real.
[...]
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Comments