Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Says Military Had Counterfeit Cisco Routers

Posted by kdawson on from the who-do-you-trust dept.

There are new developments in the case of the counterfeit Cisco routers, which we have been discussing for some time. The NYTimes updates the story after an FBI PowerPoint presentation made its way onto the Web. It seems that experts at Cisco have examined some of the counterfeit routers in detail and proclaimed that they contain no back doors. Others don't believe we can be so sure. "Last month, [DARPA] began distributing chips with hidden Trojan horse circuitry to military contractors who are participating in the agency's Trusted Integrated Circuits program. The goal is to test forensic techniques for finding hidden electronic trap doors, which can be maddeningly elusive... The threat was demonstrated in April when a team of computer scientists from the University of Illinois presented a paper at a technical conference in San Francisco detailing how they had modified a Sun Microsystems SPARC microprocessor... The researchers were able to create a stealth system that would allow them to automatically log in to a computer and steal passwords."

9 of 186 comments (clear)

  1. Fear Fear Fear by Anonymous Coward · · Score: 4, Insightful

    Be afraid. Be very afraid. Vote for those that seek to protect you.

    This seems like a scare tactic to "warn" people about the dangers of fake hardware/software. Expect a big push around these types of "stories" as more bills like PRO-IP go through congress and as the creation of the IP & Copyright Czar in the Whitehouse gets a big push.

    It's a concern but seems to point more to incompetence rather than some difficult-to-spot threat. Why are government agencies not buying directly from Cisco? Seems they should have some sort of corporate connection.

    "We must protect our precious bodily fluids."

    1. Re:Fear Fear Fear by ahabswhale · · Score: 3, Insightful

      1) This has nothing to do with IP rights.

      2) It's a concern when you consider the potential effects of this kind of infiltration. Buying directly from Cisco, in no way, protects you from this problem. The hardware is still made overseas in some factory by a bunch of people who may not like the US very much (which is true of 99% of the planet right now).

      Apparently you lack the imagination to see how ugly this can get. Fortunately DARPA isn't run by you.

      --
      Are agnostics skeptical of unicorns too?
  2. Re:free software distributes the effort. by gartogg · · Score: 4, Insightful

    Items with high capital costs don't work well as "open source;" basically, the manufacturing plants costs so many billions of dollars that no one who isn't doing proprietary work could afford it. Even if you could open source chip design (a dicey proposition, since there are many fewer EE Phds that want to donate time than there are CS Phds,) there are still difficulties with the actual manufacturing, and we would still need to guarantee the physical chips, which are individual, and cannot be "re-compiled;" if you think there may be an issue with a batch, you can't start over without paying for new chips.

    Maybe, however, I am missing something about the procedure you are proposing; what parts would be open source?

    --
    I'm a concientious .sig objector.
  3. Re:And outsourcing.... by dave420 · · Score: 2, Insightful

    As you say, even domestically-produced hardware can theoretically have trojans in it, so it should be standard practice to certify everything they use, regardless of where it came from.

    The outsourcing boogeyman has nothing to do with this - relying on the "USA A-OK" school of thought as some sort of defense against malicious hardware is obviously not a good idea.

  4. Re:An Evil Competitor. by smittyoneeach · · Score: 2, Insightful

    two groups of brutal tyrants
    I find a considerable amount of what RMS has to say at least thoughtful and challenging, except on political topics.
    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  5. Re:And outsourcing.... by Vancorps · · Score: 2, Insightful

    It's worth noting you can do everything a Cisco router can do with a Linux box. I just built a box with Zebra and a solid state hard drve along with a 4 port network card. I have some pretty good throughput with that and I would have no trouble adding additional cards for connections to OC48s and higher.

    Cisco is becoming increasingly irrelevant. They don't bring anything to the table that isn't already out there and they segment it all so it's a lot harder to manage than it needs to be.

    Anyone else notice a sharp decline in the quality of Cisco products over the last 5 years?

  6. Re:And outsourcing.... by everphilski · · Score: 2, Insightful

    but the copier would record all copies to flash memory

    Flash memory... cold war? Surely you must be joking ...

    They used a camera with a roll of film, which they then had to develop ... whippersnappers! get off my lawn!

  7. Re:And outsourcing.... by Thundersnatch · · Score: 4, Insightful

    It's worth noting you can do everything a Cisco router can do with a Linux box.

    Except connect to a SONNET network. Or a DS3 interface. Or aggregate multiple T1s. Or suport terabit switching and routing speeds.

  8. Re:An Evil Competitor. by drinkypoo · · Score: 2, Insightful

    If you think the US a tyranny, then I wish you could go live in an actual tyranny, briefly, for comparison.

    arbitrary or unrestrained exercise of power; despotic abuse of authority. - check! It's just in other countries. the government or rule of a tyrant or absolute ruler. - check! The executive branch has been heading towards full dictatorial powers and can now "legally" seize them in case of an emergency, in so many words. oppressive or unjustly severe government on the part of any ruler. - check! In my opinion just the laws against victimless crime are sufficient to qualify. One percent of our population is in prison. And while we ostensibly do not permit cruel or unusual punishment, not only do we kill people for crimes (as if it solved anything) but we do it in horribly inhumane ways; while hanging has gone out of vogue (breaking or at least damaging someone's neck and strangling them by their own weight, which can take minutes) we still electrocute people (causing their body to dance, shake, twitch, and convulse for some time) or use a gas chamber (in which you have ample time to think about your impending death.) At least the lethal injection is relatively "humane" (as if putting someone to death unnecessarily after our social system has by definition failed them could ever be termed as such.) undue severity or harshness. - The system is full of it! Shit, you can potentially get sent to jail for years for copying a DVD for personal use! This government is completely out of control and just because it's worse in other places doesn't mean it's not bad here. Your standards are just so low that you're willing to put up with a government which repudiates everything this nation ostensibly stands for and deliberately causes pain and suffering in the name of profit.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"