Slashdot Mirror


FBI Concerned About Implications of Counterfeit Cisco Gear

SpicyBrownMustard writes "An FBI PowerPoint presentation provides details about a criminal investigation into counterfeit CISCO hardware originating from China, and sold by Gold/Silver partners to numerous US government, military, and intelligence agencies. The concern of the article's author and the FBI is that the counterfeit equipment may be state-sponsored to aid in accessing otherwise secure systems (slides 46+47). Says the article author: 'The threat is real. Compromised hardware of potentially hostile foreign origin sits within secure networks of the US government, military, and intelligence services. And as you now see, the FBI has been concerned about it.'" We've mentioned the seizure of some of this equipment before, but this presentation adds quite a bit of detail, and highlights the FBI's concern of Chinese government involvement.

5 of 273 comments (clear)

  1. Re:Nightmare by Kadin2048 · · Score: 5, Interesting

    > This is going to keep a lot of people awake at night.

    As well it should, because they never should have allowed the production of critical national-security infrastructure components to be outsourced in the first place. Now that they've dug themselves into an impossibly deep hole, they're going to start complaining that the view sucks.

    I think the first thing that needs to happen, is that some agency (the NSA seems the most suited) needs to create and bootstrap 'reference platforms' for various architectures. Create a secure compiler chain from the ground up, auditing code the whole way. There's no other way to be sure that you're not just compiling in backdoors, otherwise.

    Then with that accomplished -- and it would need to be done for every architecture that needs to be secured -- they'd at least have a secure toolset and compiler chain to vet COTS code with. (It goes without saying that any product that doesn't come with source code, and which can't be compiled on a secure compiler and then have that object code loaded in and run, should be immediately removed from the secure infrastructure. It's beyond broken.)

    It would be a major effort, and probably a large shift in scope for the agency put in charge of it, but I think the problem is too important to do anything less. The economic, political, and military security of nations is going to rest firmly on electronic infrastructure, and we need to make the trustworthiness of that infrastructure a national priority.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  2. Re:Well that's a change by rbanzai · · Score: 4, Interesting

    I think you have not heard of counterfeit brake-pads. Counterfeits are a significant danger when they move beyond the more visible realm of watches and bags. I would not be surprised if at least 50% of all manufactured items are subject to counterfeiting and it goes all the way down to mundane but important things like o-rings, cotter pins, bolts, cables, etc.

    The problem remains the same whether it is a simple or sophisticated item: something has been compromised. But what exactly? Finish, fit, function? Do you want to gamble your life on it? Your property? Your data?

    I don't care about watches and bag. The rest has me concerned.

  3. Re:Lost sales aren't the issue for brands. by Kadin2048 · · Score: 4, Interesting

    Oh I agree. But the political pressure -- and I think money as well -- behind the counterfeit-interdiction efforts (at least in the U.S.) is coming from high-end brands. They're using the drugs as a ruse to get attention, but then insisting that inspectors waste time looking for faux Rolexes and handbags.

    Fake drugs, aircraft and machine parts, and to a lesser extent IT infrastructure components, are all serious issues. I didn't mean to understate the seriousness of any of them. But there is a huge difference between a counterfeit drug that's actually poison, and a counterfeit handbag that's made without the permission of the trademark-holder. The first represents a clear and obvious danger; the latter is a vague intellectual-property crime at worst. I'm very concerned that enforcement efforts spurred by the former are actually being used for the latter.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  4. Re:Someone had to say it by MrNaz · · Score: 4, Interesting

    How are you on the internet then? I'd wager a bet that > 50% of the products you use on a daily basis are at least partly made in China.

    But back up a minute, since when was China the sworn enemy of the US? If the US didn't trade with countries it viewed with suspicion, then they'd pretty much only be trading with Canada, and even then it'd be a begrudging trade arrangement.

    --
    I hate printers.
  5. Re:Nightmare by ZorroXXX · · Score: 4, Interesting

    I think you are just getting a dose of turn about is fair play.
    I would rather call this unfair play.

    The CIA and NSA have tampered with electronics being sold to America's adversaries for years.
    I hate USA for forcing the yellow dots "feature" on all colour laserjet printers, making it (almost?) impossible to buy one without, even when I do not live in USA.

    I mean, one thing is what a government does to its own citicents; it sort of have authority to do whatever it wants except as limited by international agreements. But one country should not be able to force its own politics upon other countries. Just recently usage of wi-fi has been restricted in Russia. What if a country, say Burma, made usage of wi-fi illegal, should then other countries suddenly be forced to make it illegal as well?

    As my old HP Laserjet 6L is clearly showing its age on the printouts, I am currently actively searching for a replacement and would like to have a colour laserjet. Does anyone have tips for getting an affordable one, without the yellow dots?

    --
    When you are sure of something, you probably are wrong (search for "Unskilled and Unaware of It").