Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Says Military Had Counterfeit Cisco Routers

Posted by kdawson on from the who-do-you-trust dept.

There are new developments in the case of the counterfeit Cisco routers, which we have been discussing for some time. The NYTimes updates the story after an FBI PowerPoint presentation made its way onto the Web. It seems that experts at Cisco have examined some of the counterfeit routers in detail and proclaimed that they contain no back doors. Others don't believe we can be so sure. "Last month, [DARPA] began distributing chips with hidden Trojan horse circuitry to military contractors who are participating in the agency's Trusted Integrated Circuits program. The goal is to test forensic techniques for finding hidden electronic trap doors, which can be maddeningly elusive... The threat was demonstrated in April when a team of computer scientists from the University of Illinois presented a paper at a technical conference in San Francisco detailing how they had modified a Sun Microsystems SPARC microprocessor... The researchers were able to create a stealth system that would allow them to automatically log in to a computer and steal passwords."

13 of 186 comments (clear)

  1. Fear Fear Fear by Anonymous Coward · · Score: 4, Insightful

    Be afraid. Be very afraid. Vote for those that seek to protect you.

    This seems like a scare tactic to "warn" people about the dangers of fake hardware/software. Expect a big push around these types of "stories" as more bills like PRO-IP go through congress and as the creation of the IP & Copyright Czar in the Whitehouse gets a big push.

    It's a concern but seems to point more to incompetence rather than some difficult-to-spot threat. Why are government agencies not buying directly from Cisco? Seems they should have some sort of corporate connection.

    "We must protect our precious bodily fluids."

    1. Re:Fear Fear Fear by ahabswhale · · Score: 3, Insightful

      1) This has nothing to do with IP rights.

      2) It's a concern when you consider the potential effects of this kind of infiltration. Buying directly from Cisco, in no way, protects you from this problem. The hardware is still made overseas in some factory by a bunch of people who may not like the US very much (which is true of 99% of the planet right now).

      Apparently you lack the imagination to see how ugly this can get. Fortunately DARPA isn't run by you.

      --
      Are agnostics skeptical of unicorns too?
  2. Re:This is what we get - Go one further by Anonymous Coward · · Score: 1, Insightful

    Outsourcing critical components is always bad,
    but when you outsource DIRECTLY to countries that

    A: do not like you and make little attempt to hide it
    B: are actively engaging in espionage, known and unknown
    C: have no distinctions between state and corporation, commerce and warfare

    Hand in your commission and your cover, you fucked up.
    You've hit the fubar trifecta. Your command is terminated.

    There is no excuse for this in a trillion dollar army. Good day.

  3. Re:free software distributes the effort. by gartogg · · Score: 4, Insightful

    Items with high capital costs don't work well as "open source;" basically, the manufacturing plants costs so many billions of dollars that no one who isn't doing proprietary work could afford it. Even if you could open source chip design (a dicey proposition, since there are many fewer EE Phds that want to donate time than there are CS Phds,) there are still difficulties with the actual manufacturing, and we would still need to guarantee the physical chips, which are individual, and cannot be "re-compiled;" if you think there may be an issue with a batch, you can't start over without paying for new chips.

    Maybe, however, I am missing something about the procedure you are proposing; what parts would be open source?

    --
    I'm a concientious .sig objector.
  4. An Evil Competitor. by gnutoo · · Score: 1, Insightful

    I think RMS summed up the current US relationship with China quite well:

    Rather than conserve oil, Bush is launching a new Cold War against Russia and China for control of the dwindling supplies. McCain has similar ideas. Unlike the first Cold War, in which countries that respected human rights most of the time opposed Communist dictatorships, this will be a contest between two groups of brutal tyrants, both of which deserve the opposition of all people of good will. I think these evil regimes will use this Cold War as an excuse to become even worse. Both sides will sponsor terrorists to attack the other side, and then both sides will use the "terrorist threat" as an excuse to further trample the human rights of their people.

    The rise of "IP" and corporate interests over democracy in the US has never been clearer than in the last five years. Everything you own can be confiscated for suspicion of "making available" crappy RIAA music that can be found on any radio station. Your email, web browsing, phone conversations and church can all be monitored without a warrent. Those who object will be put on "non fly lists" that are used by banks, employers even the local gym, so the accused is essentially proscribed. The military is now authorized to act against US Citizens in "an emergency". Massive voter fraud has been proved in several major elections. In short, most of the bill of rights has been violated in the interest of government and corporate power. Trade with China has not made China more free, it has made us more like them.

    1. Re:An Evil Competitor. by smittyoneeach · · Score: 2, Insightful

      two groups of brutal tyrants
      I find a considerable amount of what RMS has to say at least thoughtful and challenging, except on political topics.
      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    2. Re:An Evil Competitor. by drinkypoo · · Score: 2, Insightful

      If you think the US a tyranny, then I wish you could go live in an actual tyranny, briefly, for comparison.

      arbitrary or unrestrained exercise of power; despotic abuse of authority. - check! It's just in other countries. the government or rule of a tyrant or absolute ruler. - check! The executive branch has been heading towards full dictatorial powers and can now "legally" seize them in case of an emergency, in so many words. oppressive or unjustly severe government on the part of any ruler. - check! In my opinion just the laws against victimless crime are sufficient to qualify. One percent of our population is in prison. And while we ostensibly do not permit cruel or unusual punishment, not only do we kill people for crimes (as if it solved anything) but we do it in horribly inhumane ways; while hanging has gone out of vogue (breaking or at least damaging someone's neck and strangling them by their own weight, which can take minutes) we still electrocute people (causing their body to dance, shake, twitch, and convulse for some time) or use a gas chamber (in which you have ample time to think about your impending death.) At least the lethal injection is relatively "humane" (as if putting someone to death unnecessarily after our social system has by definition failed them could ever be termed as such.) undue severity or harshness. - The system is full of it! Shit, you can potentially get sent to jail for years for copying a DVD for personal use! This government is completely out of control and just because it's worse in other places doesn't mean it's not bad here. Your standards are just so low that you're willing to put up with a government which repudiates everything this nation ostensibly stands for and deliberately causes pain and suffering in the name of profit.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Re:And outsourcing.... by dave420 · · Score: 2, Insightful

    As you say, even domestically-produced hardware can theoretically have trojans in it, so it should be standard practice to certify everything they use, regardless of where it came from.

    The outsourcing boogeyman has nothing to do with this - relying on the "USA A-OK" school of thought as some sort of defense against malicious hardware is obviously not a good idea.

  6. Re:And outsourcing.... by Vancorps · · Score: 2, Insightful

    It's worth noting you can do everything a Cisco router can do with a Linux box. I just built a box with Zebra and a solid state hard drve along with a 4 port network card. I have some pretty good throughput with that and I would have no trouble adding additional cards for connections to OC48s and higher.

    Cisco is becoming increasingly irrelevant. They don't bring anything to the table that isn't already out there and they segment it all so it's a lot harder to manage than it needs to be.

    Anyone else notice a sharp decline in the quality of Cisco products over the last 5 years?

  7. Re:And outsourcing.... by everphilski · · Score: 2, Insightful

    but the copier would record all copies to flash memory

    Flash memory... cold war? Surely you must be joking ...

    They used a camera with a roll of film, which they then had to develop ... whippersnappers! get off my lawn!

  8. Brutal US Actions. by gnutoo · · Score: 1, Insightful

    The US invasion of Iraq has cost the US more than 4,000 servicemen and Iraq one million dead, 2.5 million refugees, an irreparable infrastructure and horrific civil war. If that's not bad enough for you, the advocacy and use of torture should be. Wake up! we are now a terrible abuser of human rights and we are doing it for oil, big fat "best year ever" oil. What we do to others we will do to ourselves sooner than later.

  9. Re:free software distributes the effort. by Anonymous Coward · · Score: 1, Insightful

    Even if you could open source chip design ...


    Sun has open-sourced the Niagra designs under the GPL, and you can license UltraSPARC from SPARC Inc. Unlike Xeons and Opterons, you can actually get SPARC CPUs from at least two manufacturers: Sun and Fujitsu.
  10. Re:And outsourcing.... by Thundersnatch · · Score: 4, Insightful

    It's worth noting you can do everything a Cisco router can do with a Linux box.

    Except connect to a SONNET network. Or a DS3 interface. Or aggregate multiple T1s. Or suport terabit switching and routing speeds.