Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Says Military Had Counterfeit Cisco Routers

Posted by kdawson on from the who-do-you-trust dept.

There are new developments in the case of the counterfeit Cisco routers, which we have been discussing for some time. The NYTimes updates the story after an FBI PowerPoint presentation made its way onto the Web. It seems that experts at Cisco have examined some of the counterfeit routers in detail and proclaimed that they contain no back doors. Others don't believe we can be so sure. "Last month, [DARPA] began distributing chips with hidden Trojan horse circuitry to military contractors who are participating in the agency's Trusted Integrated Circuits program. The goal is to test forensic techniques for finding hidden electronic trap doors, which can be maddeningly elusive... The threat was demonstrated in April when a team of computer scientists from the University of Illinois presented a paper at a technical conference in San Francisco detailing how they had modified a Sun Microsystems SPARC microprocessor... The researchers were able to create a stealth system that would allow them to automatically log in to a computer and steal passwords."

4 of 186 comments (clear)

  1. Fear Fear Fear by Anonymous Coward · · Score: 4, Insightful

    Be afraid. Be very afraid. Vote for those that seek to protect you.

    This seems like a scare tactic to "warn" people about the dangers of fake hardware/software. Expect a big push around these types of "stories" as more bills like PRO-IP go through congress and as the creation of the IP & Copyright Czar in the Whitehouse gets a big push.

    It's a concern but seems to point more to incompetence rather than some difficult-to-spot threat. Why are government agencies not buying directly from Cisco? Seems they should have some sort of corporate connection.

    "We must protect our precious bodily fluids."

    1. Re:Fear Fear Fear by ahabswhale · · Score: 3, Insightful

      1) This has nothing to do with IP rights.

      2) It's a concern when you consider the potential effects of this kind of infiltration. Buying directly from Cisco, in no way, protects you from this problem. The hardware is still made overseas in some factory by a bunch of people who may not like the US very much (which is true of 99% of the planet right now).

      Apparently you lack the imagination to see how ugly this can get. Fortunately DARPA isn't run by you.

      --
      Are agnostics skeptical of unicorns too?
  2. Re:free software distributes the effort. by gartogg · · Score: 4, Insightful

    Items with high capital costs don't work well as "open source;" basically, the manufacturing plants costs so many billions of dollars that no one who isn't doing proprietary work could afford it. Even if you could open source chip design (a dicey proposition, since there are many fewer EE Phds that want to donate time than there are CS Phds,) there are still difficulties with the actual manufacturing, and we would still need to guarantee the physical chips, which are individual, and cannot be "re-compiled;" if you think there may be an issue with a batch, you can't start over without paying for new chips.

    Maybe, however, I am missing something about the procedure you are proposing; what parts would be open source?

    --
    I'm a concientious .sig objector.
  3. Re:And outsourcing.... by Thundersnatch · · Score: 4, Insightful

    It's worth noting you can do everything a Cisco router can do with a Linux box.

    Except connect to a SONNET network. Or a DS3 interface. Or aggregate multiple T1s. Or suport terabit switching and routing speeds.