Slashdot Mirror
FBI Concerned About Implications of Counterfeit Cisco Gear
SpicyBrownMustard writes "An FBI PowerPoint presentation provides details about a criminal investigation into counterfeit CISCO hardware originating from China, and sold by Gold/Silver partners to numerous US government, military, and intelligence agencies. The concern of the article's author and the FBI is that the counterfeit equipment may be state-sponsored to aid in accessing otherwise secure systems (slides 46+47). Says the article author: 'The threat is real. Compromised hardware of potentially hostile foreign origin sits within secure networks of the US government, military, and intelligence services. And as you now see, the FBI has been concerned about it.'" We've mentioned the seizure of some of this equipment before, but this presentation adds quite a bit of detail, and highlights the FBI's concern of Chinese government involvement.
hacked by chinese ^_^
Well that's a change. For once a counterfeited items seems a little bit dangerous.
That's a much better job as scaring us to support the anticounterfeit capains than the previous stuff.
I mean, I've seen those ads saying "counterfeited items can kill" with a teddy bear ready to burn a child alive because he's not fireproof, and I must say it felt a little bit too much.
The fact that the financial loss they claim is mostly due to fake Rolexes, Channel stuff and the like doesn't help. I mean, how many people who buy a fake Rolex could afford a real one?
Still, I don't see how those Cisco conterfeits could be that bad; I mean, if it's critical equipement, of course you'll have to know where it comes from (and I don't see how real Cisco servers made in China would be a lot less of a risk).
Don't take my posts literally; it's just code to control my botnet.
MABASPLOOM!
This is a complete and utter nightmare, for so many reasons. You start to mistrust the routers in your network, then you should also distrust most of the tools in your arsenal. Can you trust that laptop? What about the chipset in that laptop? Can you trust the copy of GCC you have?
This is going to keep a lot of people awake at night.
Laughed they did.
They should be afraid of the genuine article too. Only free software can be audited, modified and trusted.
How is it, concern? Is there any evidence of shadow access to the cloned hardware or not? At the very least it should be rather easy to know if the cloned firmware is an exact copy of the Cisco firmware or not. I can understand the concern of cloned equipment in general, but to speak about a particular case and be so vague means for me that there is in fact no evidence of any type of backdoor.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
Only use network gear that was built in the US. *snicker*
Probably the real concern is that they can't install their own backdoors into these routers.
Can we say, like DUHHHHHH!!!!!
It took them this long to figure that out?
How many of you saw that the second the first link was posted last month?
Really, if it is *that much* of a concern, quit buying from a third party vendor. License a spec, rent a manufacturing facility, put some people to work, and create your own Cisco Certified Uber Network Gear eXtreme, Uncle Sam Edition
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
presume FUD until given proof. and check the source of any "proof" too, never trust those who stand to gain
I can think and think over it, there seems to be but one solution:
Now is time for US Department of Sensitive Things to stop buying hardware and start buying blueprints. Buy VHDL and CAD files from CISCO, scrutinize them for threats then produce it yourselves.
China is great for cheap production but there is a reason why military approved stuff are more expensive : among other resons, you can't let anyone build them.
And if you want certified and cheap stuff, it is time to begin building robotic factories.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
> The fact that the financial loss they claim is mostly due to fake Rolexes, Channel stuff and the like doesn't help. I mean, how many people who buy a fake Rolex could afford a real one?
... it's exactly the opposite. When the flunky working the counter at Blockbuster is wearing a good-as-real Rolex, suddenly the brand isn't worth quite as much, and if you're some hotshot looking to make a statement about exactly how much disposable income you have, maybe you'll go buy something else -- something more difficult to fake, something with more intrinsic value -- instead. That's the real worry for high-end brands. It's not the lost sales, it's the damage to the brand that inevitably occurs when average folks get their grubby little McDonalds-covered paws on them.
That's not the point. The reason the brand owners get their panties in so much of a bunch over the counterfeits isn't because the plebes buying the fakes could actually afford to buy a real one, if they weren't wearing a fake
Which really just makes those "counterfeits kill" ads all the more ironic; the people those ads are being marketed to are essentially the high-end marketer's enemy. They're the ones who must be denied access to the high-end brands; who must be made to covet without actually being able to possess.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Who cares about counterfeit Disco gear?
If you can read this, I forgot to post anonymously.
you cant expect it to be secure...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
The economic integration between North America and Communist China is putting us in a very dangerous position. The Chinese government has a well-documented history of utter ruthlessness, and will happily steal and duplicate every technological edge it can get. Does anybody believe even for a moment that the same people who have committed and facilitated cold-blooded mass murder on a scale we find difficult to imagine will draw the line at a little industrial espionage?
Corporations that are forcing us into closer and closer economic contact with China are making huge profits, and doing a good job of ensuring that our governments obediently facilitate economic integration. For the rest of us, this means stagnant wages and limited opportunities...all in return for access to cheap headphones, lead-poisoned toys and other gimcrackery.
The Chinese government is not our friend, and the argument that exposing them to the joy of capitalism will make their society free is exactly backwards.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
I also suspect my Lenovo/Thinkpad..whenever I'm in the room it seems to be...watching me.
To any federal agency monitoring this (NSA), please stop buying your network and computing gear from yard sales and ebay.
Absolute power corrupts absolutely. indymedia
the USA issues counterfeit money. "Why it will hardly buy you anything these days, says octogenarian Edna Pumpernickle. But I hear they have great money in Europe."
"Don't steal data; the government hates competition!"
Americans who deserve to work 40-50 hour weeks, own their own car house and TV and as many kids as they want subsidized by taxpayers? If you take away cheap Chinese goods in the name of 'security', these Americans might have to give up their house or a car or have less children. Besides, the only security we need to worry about is security from Arab terrorists who hate our freedom, don't worry about economic imbalances and lost opportunity in the job market. You're just being negative and bringing America down!
Blar.
Security cannot be achieved with closed source or closed hardware. The problem of security is too difficult, so it is best to create a "culture" of security based around a simple set of rules:
1) All software implemented in Network Systems must be open and source code must be peer reviewed on a regular basis.
2)Hardware should be as generic as possible and should be built upon agreed standards so you can mix and match components.
3) Cultural security is laid at the foundations of software and hardware. Once everyone knows the foundations any single individual or group will find it very hard to con an entire community.
Even if they succeed it will not take long for the culture to detect the deception.
Personally, I am glad the Chinese are screwing Cisco. Remember folks, we are talking about the same company that sold the Chinese government a ton of security products to hunt down and kill/torture or imprison political dissidents.
Last year I got rid of the final pieces of Cisco gear in my network and everything is working just fine with Open Source equivalents.
I peer review my own patch updates, and follow the lists carefully as the comminity as a whole deals with coding the upgrades.
I really do know what my routers are doing.
How many here can say that?
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
I reckon the job of the spies has been a whole lot easier because they could rely on the US gov't buying Cisco-branded equipment. More diversity in the network equipment landscape would have made things more difficult.
Please correct me if I got my facts wrong.
Nice red herring there. We need to put those who want authority over us under a different, much more strict set of rules. It's our only way of protecting ourselves from the all too frequent abuses.
What?
I understand that the market (and by extension politicians) salivate at the thought of so many new consumers, but how long are we going to let this utterly flagrant counterfeiting continue? There are no profits to be made if China makes and sells our own damned products to us.
For starters, more information will be forthcoming. Some of the CPUs from China have different designs then what they should (hello intel). In addition, extra circuitry has been found in bioses flash ram. The scary part is that China is not gearing up to improve their economy or even for defense. They are using this to plan an attack. For you naysayers, think of the articles that have shown up here about the laser trying to blind one of our sats; Another that blew out our sats. What use is that? It is only of use if you wish to deny the opposition the ability to attack BACK. It does not help you if the attack is underway. IOW, if we launch first, by the time that China could react, our missiles would already know what, where, when, etc. The current Chinese leaders are STILL the same that they were 50 years ago; they believe that power is done via a gun. Mao once said that he would acquire the nuke even if it killed 1/2 of china. But what is china doing now with all the pollution? Killing them in the interest of moving fast enough to build up a military capable of taking on USA. In addition, they are trying hard to appease EU in hopes that they will stay out of this. Hopefully, EU learned their lessons about appeasing such leaders. It will never work.
We didn't make it, we don't know what it does. It must be a threat.
The wonderful thing about this (apart from the certainty that it will involve giving the security organisations more money) is that you don't have to prove anything. Just say "it's possible" (not even probable), or that they're "concerned" or that there "might be a threat" and suddenly everyone is running around as if the sky is falling.
Time to stop watching the James Bond movies guys. Go back to worrying about monsters under the bed.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Clinton and the Republican 1990s Congress sold us Most Favored Nation and "Fast Track" status for China on the appeal that the US would be manufacturing high-tech gear like Cisco routers and selling it into the emerging Chinese market. Making China dependent on US manufacturing and retailers so we could dictate political terms to them, like not torturing Tibetan monks.
They got it. Then they flipped the script. Now the US is dependent on Chinese manufacturing. Stepping up the game, Bush and the Republican 2000s Congress sent us $9 TRILLION into Federal debt (after a Clinton left him with a surplus), making $400 BILLION in debt bought by China necessary to keep the illusion that our economy hasn't collapsed - an illusion rapidly vaporizing, even before China applies much pressure to force us to comply with their Communist mafia government's global expansion plans. Meanwhile the Chinese are not just torturing monks (or stopping us from torturing around the world), they're also sending weapons, including machetes, to fuel a slaughter in Zimbabwe.
They baited and switched us. And by "they", I mean a lot of Americans with Washington addresses, and now obviously Chinese bank accounts.
--
make install -not war
I hate to embrace such technologies, but secure networking equipment probably need some sort of firmware DRM / Trusted Computing / game-console-like protection against modification.
-Clio
Karma: Bad (mostly from not giving a fuck)
Blog: http://clintjcl.wordpress.com
THe real issue is that Cisco ships AND CONTROLS chips, etc. If these companies are producing more systems, then they are doing it with their own uncontrolled chips. The real problem is that CPUs have been found to be modified.
Even the Federal Government is not as big as the free software community. If they are not free to modify the source for any purpose and share those modifications with everyone else in a free way, they lose the benefits of freedom and become an unpaid bug fixer for Cisco. Malice can slip through in obfuscated form, they can't make it do what they want and they will have a hard time being sure what they audit is what they run.
There is no way to "trust" software, unless you've hand-assembled an assembler, used that assembler to create a better assembler, used that assembler to create a basic C compiler, and use that C compiler to build your real C compiler. And, additionally, audited all the code.
Then, you have to look at ever line of every tool source as well as all the source of everything. Even then, you need to verify hardware, BIOS, etc.
It is a hard job. Maybe impossible.
The first step, however, is to STOP buying aggregate devices based on software. A Cisco router may be cheap, comparatively speaking, but an audited and verified version of Linux/FreeBSD running on a commodity P.C. with tested hardware would be a lot more trustworthy.
I mean, there is a lot of sci-fi threat out there, bogus CPUs that run their own programs, hacked network cards, hacked hard disks, etc. These things can be checked and while possible are implausible at the moment. A hacked Router? Come on, I can't believe it DOESN'T send information someplace. It would be just a few lines of code. With even more code, it could analyze the packets and be more selective, and possibly even encrypt and compress data sent.
http://www.theregister.co.uk/2004/07/29/cisco_huawei_case_ends/
While Cisco dropped this lawsuit claiming "a victory for the protection of intellectual property rights."
This was after Huawai photocopied IOS Configuration guides and "portions of its IOS source code found its way into Huawei's operating system for its Quidway routers and switches. Cisco claimed the Huawei OS included text strings, files names and bugs that were identical with Cisco's IOS source code. The suit alleges that Huawei is infringing at least five Cisco patents."
*RING BELL* Round 2
That they are hostile foreigners who hold favoured nation trading status...
China in return agreed to allow their money to float free, but created "the basket" that they then control to an unknown formula. Considering that yuan has gone up a whopping 17% against the dollar over 5 years, while most other moneies have gone up more than 100%, it says a lot. In addition, they were required to drop their tariffs over 2 years ago (they asked for 5-7 years). We are now pushing 8 and they are asking for another 3-5 years of them.
The good news is that EU has seen what has happened to us and is pushing several issues; 1) the chinese firewall and the tariffs 2) the money issue 3) the carbon issue. As such, they are about to slap a major carbon tax on everything based on their Point of origin as well as a tariff against chinese good because of the firewall and tariffs.
I prefer the "u" in honour as it seems to be missing these days.
The United States was once a major manufacturer of all things high-tech. I can remember being within an hour drive of Digital Equipment, Data General, Apollo Computer, IMC Magnetics (computer fan maker), Clarostat (precision resistors), and many others. But the most relevent to this story is Cabletron (See wikipedia for a short description). This Rochester New Hampshire based compnay made ALL of it's products in Rochester New Hampshire. Soldered and assembled by Americans, designed by Americans, and built to last. Some of this gear still survives in the field. There is a legendary story out of Chicago of a bank that was flooded at the lower levels. All of teh Cabletron networking gear was assumed to be dead. After a few days of drying out, it was perfectly functional and resumed service. So teh lesson is, pay more to an American company with American designed and produced product and your security concerns will drop.
Under FIPS, not only must the vendor use specific encryption standards -- those standards must be implemented using specific approved code libraries which have gone through an audited security certification process.
In at least one major application that I'm aware of, if you set the system to be "FIPS" compliant, users who have the newest client can't send encrypted data to users who have older versions because even though they can read it just fine because they do support the standard of encryption -- the libraries used on the older client versions wasn't FIPS compliant. Its a nightmare in terms of implementation and transition from version to version.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
I have seen come across my email at work with similar warnings. I know that the military has identified how to distinguish the difference in the counterfeits and has taken steps to keep them from being added to the networks, it is worrisome however because they are trying to get them into DOD networks.
I'm using my "Economic Stimulus" money from the government to buy Chinese language software. When they buy the U.S., I'll be ready to work in any sweatshop they have.
Equipment that will handle sensitive data should be purchased by the Government only from manufacturers who make it within our borders. Yes, this would increase costs. But it would help ensure that no "special" Chinese chips get inserted into the devices. It would also bring a few manufacturing jobs back to our shores. Of course, I'm assuming here that the very last of our electronics manufacturing infrastructure has not been dismantled...
"We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
How hard will be for Cisco and us GOV to make custom firmware that makes it so any counter gear / other firmware hacks don't open up holes in the network?
There are tons of other countries that can manufacture our goods. The same cannot be said of US purchasing power.
Don't be upset though, your mistake is common amongst those with only a cursory knowledge of the subject like you have.
Mere days after having stumbled upon http://www.cse.ucsd.edu/users/swanson/WACI-VI/docs/08_slides.pdf There is a whitepaper out there by King and company describing indepth the breaks in our retail chain. ICS shipped from overseas etc, and how they are used in high level places where security is tight but these items could use little modification to provide a virtual back door that would almost never be found. Here is the abstract document. http://www.usenix.org/event/leet08/tech/full_papers/king/king.pdf
I am Bennett Haselton! I am Bennett Haselton!
One round through Cisco's Quality Machine should be more than sufficient to test the authenticity of counterfeit products, probably even from anywhere on the internet. I worked on some of there test automation systems and they chart how much is automated, the results and even where the problems occured and by whom.
That works better for software than for hardware. After you've checked the VHDL for back doors, how do you tell that the actual device matches it? You either have your own fab or you look at millions of transistors under a microscope. And the recent Usenix paper showed that it takes very few gates to put a remote root backdoor into a CPU.
Nice thought, but consider this:
The people that need policing are the only ones that can authorize/mandate it. Figure the odds...
Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
IPTables FTW!
"I stomp in clown shoes where daemons fear to tread."
Govt security managers and auditors are being ordered by their PHB bosses to give out passing grades on systems than cannot pass muster. And this is under duress of losing their jobs if they don't do as ordered, but they're still held responsible for any security breaches. In essence, the security managers are being forced to bear full responsibility while at the same time being stripped of the proper authority needed to conduct their jobs.
It's a combination of two well known troll phrases with an unrelated link to twofo.
"Eat my goatse'd penis!" appeared on the old goatse.cx site after the picture had been removed.
"Don't forget to pay your $699 license fee you cock-smoking tea-baggers!" is what SCO$699FeeTroll used to first-post on every linux story here.
Man, every time I think I should stop trolling, I get hilarious responses. Idiots. Remember:
DO NOT FEED THE TROLL!
It's not just consumer stuff. There's a well publicized account of Chinese counterfeiters setting up a fake NEC in China which sold products that NEC never manufactured. http://www.nytimes.com/2006/05/01/technology/01pirate.html?pagewanted=all
How many products can only be made in the U.S. or E.U.? It really doesn't take that long to throw together a manufacturing plant. Honestly, with the huge numbers of educated engineers in China and its culture of IP theft, how long was it going to be before truly sensitive, high tech products were copied?
The FBI's fears remind me of a recent book, The Execution Channel. http://www.amazon.com/Execution-Channel-Ken-MacLeod/dp/0765313324
While it might be a lot of trouble to rewrite firmware in a legitimate product, what's to stop someone from writing malicious firmware into their own knockoff product?
Make love, not reality television.
I think this FBI warning is nothing but FUD. Not one piece of equipment that has been confiscated has show any signs of being tampered with or having the capability to "phone home" or allow back doors. The counterfeit equipment seems to be extra runs and offered on the black market by the companies outsourced to make it. Why the FUD? This is to justify the government spending hundreds of thousands of dollars tracking down goods that are cutting into Ciscos profit margin. Nothing more, nothing less.
Here is the situation. Cisco wants to save money by manufactoring products overseas. They specifically use companies in China knowing they have little control of the operation. This is a money saving business decision made by Cisco. Now the down side is the integrety of their products which their business risk analysis of using companies in China should have flagged. Now Cisco gets the best of both worlds. They get the much cheaper costs of using China labor, and get the federal government (our tax dollars) to foot the bill for the counterfiet finding operations.
If Cisco was truly concerned about the security of their products, they would not outsource to a company in a foreign company that they have very little control over. Truth is, they are not interested in security at all. They are interested in saving money and getting the tax payers to foot the bill to protect their profits. They are getting the best of both worlds because if they manufactored the products in a country with tougher laws or one they would have more oversight, it would cost more to make the products which would come out of Ciscos profits, not ours. If the government was concerned about the security, they would not buy products from a company that manufacturers their products in China.
As this story gets picked up by IT folks, they get a little scared and want something done to protect them from the boogy man bogus products as well. Cisco gets to claim that the FBI is involved in this so you can sleep good and you can forget that we are using cheap labor in a country we have little monitoring capabilites over the quality of our products.
...we started manufacturing this stuff right here at home again. Fuck California and all the fucking tree huggers out there. Michigan right now will happily welcome any new electronics factories that wish to start up there.
back in the original cold war, we mandated that equipment come from a number of sources. That included America, but also just about any western country (france was an exception because they had been caught giving information to USSR many times). We can and should go back to that. The problem is that China is not stealing to help their economy. They are trying hard to steal defense secrets to play catch-up. If you look at their strategy, they are NOT doing this for defense but for an attack. If this was about defense, they would be attempting to steal items for monitoring and would take up on our requests to monitor them, while they monitor us. They do not want that. We actually need to crack down hard on our security, and limit where ppl can go.
Why is Cisco gear assumed to be "trustworthy"? Since this is all closed source software, maybe Cisco has been secretly spying on us all for years - and this has only come to light because of FUD spread about "chinese" routers.
by the same bunch of contractors-for-hire that make most of the rest of the international carrier supplier equipment, does it surprise anybody that there are counterfeits from China that get into supply chains?
would have been harder to do if these companies made their own stuff, as they used to.
if this is supposed to be a new economy, how come they still want my old fashioned money?
There is a reason that the majority of the slide show fucused on other issues than software threats, and the reason is that those threats are the least likely to cause a problem.
If I buy a counterfeit router and stick it in my secured network there is almost no chance that anyone will have the opportunity to exploit it. That is to say you would need physical access to a terminal within a secured area within a secured building on a secured post, you would need to defeat the access controls to use that system, and of course, you would need to know that your counterfeit hardware is in a usable position within the architecture. It doesn't help if a reliable firewall (juniper) blocks you before, or another (foundry) blocks you after you mannaged to get to your compromised one (cisco)(defense in depth / breadth anyone?).
Basically, for any secured network, anyone who would have the access to make use of a compromised router already has adequate access to do nasty things to the system.
A much bigger concern is the lesser build quality and the lack of vendor support.
I'm not sure standard code libs would help. If it's a good enough knockoff, you should be able to install Cisco firmware you download off their support website, thus wiping any backdoored Chinese firmware. If it's backdoored real well, it'll probably have some special boot loader and extra flash space that could subvert any trusted code you have in the system image.
Try this out for size...
"In recent years many vendors, including foreign companies, with little to no experience in the nuclear industry have entered the market to supply parts and components for both safety and non-safety applications to nuclear power plants," the notice states. "It remains the licensee's responsibility to ensure that all suppliers use standards and processes that conform to US standards. Effective oversight of suppliers becomes increasingly more important as the nuclear industry begins construction of new nuclear power plants in the US."
...right around the time these stories really started getting mass-publicity...
And was shocked to find that, for example, my 3745 had, among other things, 4 VWIC-2MFT-T1 interfaces... Three of the four were counterfeit--but all were bought through Cisco Gold partners.
Until I saw this with my own eyes, I had no idea how wide this issue reached.
Who did what now?
Now sit and think that for almost 50% of Americans the only guarantee they have that their vote is counted is that the hardware and software "are correct". Given that the local network techs are able to poke and test CISCO routers in a way that out voting machines are not this means that for most American voters (and voters in many other countries) we have less guarantee that our votes are cast on authentic machines than we do that our routers are "clean".
But the real question is, do pirated versions of an overpriced OS diminish the user experience and 1337ness of having a luxury OS, or does the OS diminish the user experience sufficiently on its own?
The argument to be made for the security properties of counterfit vs legit hardware made in a country you distrust seem to me to be pedantic at best.
On the other hand you may have very good reason to worry when your routers login banner gets changed to: China 0wns US sipernet DFZ!
Individual Components are made from components that are made all over the world. There can be an infinite number of things that can occur..even spies and shady individuals in trusted fab plants can wreck havoc on the properties of devices.
There must be software methods avaliable to deny context to hardware. Maybe custom encryption ASICS are not the wave of the future afterall? Sure hardware may be able to broadcast signals or accept kill commands on their own sidechannels but this threat is mitigated by tempest requirements.
Either the US government can make all their own stuff and stop purchasing COTS alltogeather or they can assume a level of distrust and deal with it... Dealing with it IMHO only serves to improve overall systems security.
Ya'll are crazy. Crazy I tell you. You can just do what the GOV does and wiretap your traffic for irregular behavior (related to root-kits and other malicious code) running on your network, at any layer. I'm sure the shady bastards in china have TRIED to put back doors in the software/hardware but there are ways to detect them. So, whenever you get a new piece of equipment, upgrade the code to whatever the vendor is offering (ie. at clean version) and do a little packet inspection to see what's really happening. Has anyone actually found any REAL evidence of what the article is proposing? A massive conspiracy of hardware and software-based back doors from the government of China..No. If it existed there would be more evidence of it. There isn't any that I'm aware of (public knowledge could be suppressed but that's another topic) This is not much better than 1950's McCarthy rampant speculation. It's healthy paranoia at best.
We have heard Obama and Clinton use strong words against NAFTA but nobody is talking about China. I am positive we are loosing more jobs and money (e.g., trade deficit) to China. At least in the case of NAFTA, we are dealing with two friendly democracies. In the case of China, we are dealing with a brutal dictatorship with a horrible human rights records. We have an embargo against Cuba for the very same reason. So, why do we even trade with China? Had we closed our doors to them back in the days of Bill Clinton, they would probably never had experienced such economic boom and perhaps we would have helped force them into a democratic path.
In a sense, what we have exported over to China the assembling jobs. "Made in China" should be more appropriately call "Assembled in China." Yeah... your iPod and Cisco routers are assembled in China; but all key components -- the VLSI chips -- are made in the U.S. What the Chinese workers do are just to put them together.
I don't know about you but I think these lines of work are just as low as the McDonald's jobs, and not glorifi-able at all. And it is just not much different than having automated robots do that. At the dawn of industry age, there were attcks against machines by workers. You don't mind the machines just because you are an engineer who (indirectly) sell the machines, rather than the one being replaced by the machines.
In fact, due to the low level (but not absence) of IP protections in China, businesses -- foreign or domestic -- are the ones who become very careful in revealing IPs over there.
I think you, as an engineer, should really start worrying when their IP protections become strong, because that's the time more real IP works will be done in China. So be careful what you wish for.
Are you sure you can scrape even 10,000 developers from those three million federal employees? I don't think so, and the free software community has continued to grow exponentially. Sourceforge alone has almost two million registered users.
If we're searching computers at the border now, how would a compromised system even get into the country?
Please post where I claimed that. You have used a straw man here. I never once, in any way, shape, form, or fashion, claimed that we are strong. Only that the amount of manufacturing that can stand in for Chinese manufacturing exceeds the amount of purchasing that can stand in for US purchasing.
Are you capable of replying to my points without straw men, personal attacks and logical fallacies? Because nothing in your post refuted anything I said, and I'd like to see an attempt from you that actually addresses my points.
I also notice your assertions are based on nothing. I see no evidence to support them, so post it if you have it, your opinion on the matter really doesn't do anything for me.
So, let's see if you can 1) avoid personal insults (I have) 2) post evidence 3) Avoid logical fallacies like the straw man you kicked around in this post.
Consider it a challenge, posting something totally different than the norm for you.
Blah blah blah. You're the one who tried to pull the straw man by lying about which of debt or deficit I was talking about.
But you Republicans are so corrupt and addled that I'm not even disappointed. You really should just shut up about either money or logic already. No one wants to hear it from you, after you voted that straw man (with scarecrow brains) into office twice, and ruined the country.
If you've got an apology to offer, then get it out there already. Otherwise all we want to hear from you is nothing.
--
make install -not war
Please post the quote where I did this. I discussed neither debt nor a deficit, and I've already explained my point, you just can't seem to understand what you're reading.
BZZZT, nice try though.
Of course, I'm sorry I assumed you were capable of a civilized adult conversation, all evidence to the contrary.
Of course, you were wrong, and you failed to refute me twice. I'm sure you'd like nothing better than for me to continue to draw attention to your intellectual failures.
Are you capable of supporting your claims, or should I take your silence on the issue as an admission that you were fabricating said claims?
BZZZT. You lose again.
Because you can't and you know it, so you make a lame excuse.
What on earth makes you think I've done ANYTHING to this country, boy? How do you even know I'm in "this" country? You know what they say about assumptions, they make you look like a fucking idiot.
I asked you to support your claims that I lied. You haven't. So what part of that, specifically, a game? The asking you for sources part or the asking you to prove a statement you made part? It's not hard, if I said what you claim, quote it. Three posts later you haven't, and the excuses keep coming.
This time it's an intellectual game I'm playing, holding you accountable for claims you made. It says a lot about your character that a request for truthfulness is an "intellectual game" to you.
When companies export their labor to other countries, we end up with potentially disastrous security compromises coming back our way. If only there were a law that stated that "any company working with a government contract may not have their labor outsourced to a foreign country, ally or otherwise." then Americans would have more jobs and we'd have to worry less about external threats and more about internal threats.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
The FBI has been assured that there is no way whatsover that these could be used in this manner, all investigations have been dropped as per new orders from the Justice Department and NSA and signed by Attorney General Hu Jintao . . .
heeyy waitaminute . . .
Pug
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
Guess what, this is all cheap knock-off crap made to make a buck off the Cisco name. The data in the flash is likely just duped from the true Cisco units.
Beyond the crap quality of these copies, if the code does match any Cisco releases, swap the unit with the real deal. Presto! Evil Commie back door potential vastly reduced.
Whether these allegations turn out to be true or not, the FBI needs to stop its dumb mouth flapping immediately.
1. If true, you shouldn't let China know that you know, until such time that you have enough evidence to take action on it.
2. If untrue, this is a repeat of the Wen-Ho Lee case, and only strengthens China's argument of bias and prejudice in Western gov'ts. It will also further polarize Chinese-Americans (I don't need to point out how many of them work in the tech industry, never mind Cisco) who may be convinced that they are second-class citizens in this country after all, which is bad for national security at all levels.
My only question is is they know this hardware exists on these networks.
1. Why haven't they been shutdown / replaced
2. What could have been compromised? I hope your running a sniffer on your network and gateways.
3. WTF.
That would make the infamous NIPR hack understandable....(but that was just a rumor, right?)
..."Hey Mr. CEO, your idea of outsourcing manfacturing jobs to create lower prices is working great, outsource some more jobs please! I don't care about the future, I wanna save a buck on my plastic mop bucket NOW!"
My GGP post was a joke, I guess I needed more hyperbole...
Blar.
It is just a national incentive. Just a excuse to stop buying china products.
FTFAs:
"So what kind of security risk would be involved here? If the copies are identical down to the individual parts we are looking at a change in firmware at the most."
Jesus Christ!, that only took 10 years, now will they wake up to the "legitimate" hardware already compromise - and in progress?
Should maybe only take 5 more years?
I predict nothing will be done until "the meltdown", then we'll be screaming at interrogators "DON'T TAZE ME BRO!"
Us, of course, being "part of the problem".
God save us - from ourselves.
Is that as far as they've gotten, yesterday's news? Crack teams, indeed - on crack, more likely. How long has it been since they've HAD their "eye on the ball"? Decades? Such trusting souls. Forgive my "scathe-y-ness, but they need to quit preening themselves and get some experts who know the score - obviously they've not the time to even realize there "is a curve" to getting up to speed.
Someone like Fred Cohen, who, could, at least, divine such a problem.
Morons.
~hylas
I'm curious as to if anyone can back up this story? The site that the OP links to also covers stories involving the paranormal and conspiracy theories (eg. its a crackpot site).
...displays an image that is watermarked to www.andovercg.com.
The powerpoint presentation, which I believe is still available at:
http://www.donkeyonawaffle.org/OMB%20briefing%202008%2001%2011%20a.ppt
Andovercg is a used equipment reseller. It's my guess that the picture was originally a side by side comparison of two cisco router revisions. (ever had to work with 3com 3c905s? They've changed dramatically between revisions as well)
If I blow up that picture I can make out the following numbers on the model tag:
Left: 2461 8792 A
Right: 2461 8797 A
I believe the 2nd number is a revision number, which explains the difference in the appearances between the two boards. That's just my best educated guess though, I'd love to hear of an interpretation from someone that actually works with these boards.
Don't believe everything you read to be true...unless its backed up and verfied. This story, while more elaborate than most, fails to convince me its true (not to mention its hosted on a conspiracy theory website)