Slashdot Mirror

← Back to Stories (view on slashdot.org)

DHS Admits Knowledge of Infected Import Tech

Posted by Soulskill on from the mal-where? dept.

smitty777 writes "Deputy Undersecretary Schaffer of the DHS National Protection and Programs Directorate confessed to being aware of foreign technology that had been imported with spyware, malware, and other security risks. According to the article, 'More worryingly, the hearing specifically mentioned hardware components as possibly being compromised — which raises the questions of whether, perhaps, something as innocuous as Flash memory or embedded RFID chips could be used by interested foreign parties.' These hearings were held on July 7th to 'examine the nature and extent of the current threat to America's infrastructure.'"

14 of 59 comments (clear)

  1. Hey! by chemicaldave · · Score: 4, Insightful

    Spying on Americans is our business!

    1. Re:Hey! by liquidweaver · · Score: 5, Funny

      Spying on Americans is our business!

      Spy on us ? Why, that would indicate some amount of distrust. Why would the government distrust us? They are here to serve us, and our opinions are really important to them - we event vote for them for crying out loud. I sure know my vote counts, I see it all the time. Every big decision the government makes (you know, healthcare, civil liberties, where/when we go to war), a vote is called and we only do if the majority are game. I mean, this is a democracy, right? That's what we do. America - full of proud citizens whose relationship with their government is forged with a mutual respect and understanding.

      --
      mov ah, 4ch
      int 21h
    2. Re:Hey! by cayenne8 · · Score: 3, Insightful
      Geez...who would have ever thought that moving all our manufacturing, especially of IT components offshore would have engendered these types of risks???

      [rolls eyes]

      Seems like now...setting up an expensive chip fabrication plant, all in the US, would be a profitable business venture...market to the US federal govt. only US made electronics, certified not to have foreign malware contained within? Not only would they buy the higher priced components, but would easily pay a premium on top of that for a nice profit.

      It would go down good with politicos too...due to creating new US jobs.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    3. Re:Hey! by arisvega · · Score: 2, Interesting

      confessed to being aware of foreign technology that had been imported with spyware

      This is practically treason - mostly because of the position this individual occupies.

      --
      The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
    4. Re:Hey! by fuzzyfuzzyfungus · · Score: 5, Interesting

      It would be even cheaper to buy a nice, respectable-looking pre-aged shell company(complete with years of respectable history, in a state with corporate disclosure rules approximately as stiff as Somalia's... Add a lawyer as a corporate officer to gain attorney-client privilege for just a small additional fee!) and then sell counterfeit parts re-marked as True, Blue, All-American ones.

      If you suffer the comparatively unlikely misfortune of getting caught, just fold the shell and buy another one! It's not like you are dealing pot or anything serious, so the risk of having the consequences make it past your corporate person and back to you personally are well worth the profit...

    5. Re:Hey! by Asic+Eng · · Score: 2

      I don't quite follow that. As much as I dislike the whole concept of the DHS: of course he is aware of foreign technology being imported with spyware, it's his job to be aware of threats like that. It's not a new threat either.

      It might potentially be treasonous not to do something about it - but he didn't admit to that, quite to the contrary he gave evidence to the actions they are taking and ought to take.

      BTW is "interested foreign parties" our new code for "China"? Just curious.

    6. Re:Hey! by hairyfeet · · Score: 4, Insightful

      Uhhhh...did you READ what you linked to? Former pres Carter said comparing Obama to Hitler or saying they should have buried Obama when they buried Ted Kennedy is going too far and you know what? He is right. You want to say he is a shitty POTUS? Fine I agree with you as a matter of fact, but comparing him to one of the biggest mass murderers in history is not only ridiculous but an insult to all those that suffered to get rid of the Nazis in WWII. There is a difference between dissent and being a troll, and I think most of us would agree the Bushhitler and Obamahitler posters were just that, trolling.

      As for TFA well surprise surprise to quote Gomer Pile, you send all the manufacturing overseas to a country that has been artificially lowering the value of ITS currency to make sure imports tank and exports rise, a not nice thing to do in the first place, and then you're shocked they may be doing other not nice things like pwning the gear they sell you? Can we get a DUH boys and girls? The very same country that was paying dirt farmers in Kosovo to dig up our crashed F117 so they could steal the tech, THAT country? Naaah, what makes you think they'd do anything naughty?

      To paraphrase a line from one of my favorite movies "Why do you think they are so big? Its because they fucking steal, every idea that ain't nailed down" and what better way to steal ideas that put a bunch of backdoors, rootkits, and other nasties on the products that we are hooked on like crack?

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Re:Then subsidize homegrown component manufacturin by JeremyR · · Score: 2

    Yeah, because nothing built in the good ol' USA would ever be compromised.

  3. Story is misleading by Anonymous Coward · · Score: 5, Informative

    Go watch the video of the hearing and listen to what Schaffer actually said. All he says is that he is aware of cases in which products have come into the US with vulnerabilities. He doesn't say a thing about it being done intentionally or that China is doing it or anyone else is doing it. The question was crappy and badly worded, too. 52 minute mark. http://www.youtube.com/watch?v=xFlgaJa4UVk

  4. that photo - what's it got to do with anything? by TheGratefulNet · · Score: 2

    in fact, I think I recognize that. isn't that the computer history museum at the old SGI site in mtn view?

    just seems strange to show a photo of a computer museum. if anything, those old computers would be more trustable now, compared to the complex 'dont know really what is entirely inside' boxes we have now. (I'm half serious).

    --

    --
    "It is now safe to switch off your computer."
  5. this is another pathetic attempt at a power-grab? by TheGratefulNet · · Score: 3, Interesting

    to me, the telling part was:

    During questioning, Schaffer said that a whole-of-government effort would be required to combat security holes caused by malware and spyware making their way through America's electronics supply chain.

    dunno. doesn't that look a bit like a plea for more (intrusive) government powers?

    --

    --
    "It is now safe to switch off your computer."
  6. Re:Then subsidize homegrown component manufacturin by poity · · Score: 3, Interesting

    Well, it'd be easier to catch impropriety here than in China or Taiwan. At least Wikileaks and myriad of other groups aren't afraid of releasing evidence of wrong doing committed by the US entities, and we have plenty of whistleblowers with public interest in mind to provide them the data. If we depend on China for supply, what leaks organisation will dare keep them in check? I suspect no one.

    --
    your thin skin doesn't make me a troll
  7. Re:this is another pathetic attempt at a power-gra by TheGratefulNet · · Score: 3, Insightful

    sorry, one more followup.

    this also irked me:


    The emergence of new centers for manufacturing, design, and research across the globe raises concerns about the potential for easier subversion of computers and networks through subtle hardware or software manipulations. Counterfeit products have created the most visible supply problems, but few documented examples exist of unambiguous, deliberate subversions.

    conterfeit products.

    ugh.

    first of all, SONY comes to mind as a master rootkit installer. was this counterfeit? hardly! most recognizeable brand name, perhaps, in the world.

    second, I would not trust brand names any more or less than 'counterfeit' brands. this does seem like a 'request' for more powers of search/seizure or whatever.

    tell me I'm wrong. please.

    --

    --
    "It is now safe to switch off your computer."
  8. Re:this is another pathetic attempt at a power-gra by chemicaldave · · Score: 2

    On the other side of the coin, it could be his way of saying "Trying to prevent this is sort of thing is futile."