Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

An anonymous reader writes "A former Pentagon analyst reports the Chinese government has 'pervasive access' to about 80 percent of the world's communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage. 'Not only do Huawei and ZTE power telecom infrastructure all around the world, but they're still growing. The two firms are the main beneficiaries for telecommunication projects taking place in Malaysia with DiGi, Globe in the Philippines, Megafon in Russia, Etisalat in the United Arab Emirates, America Movil in a number of countries, Tele Norte in Brazil, and Reliance in India.'"

Wait, what?

[girlintraining]

This "former pentagon analyst"... Did he have access to intelligence reports of this nature? If so, and he's disclosing this now, I'm assuming the relevant documentation would be available via a Freedom of Information Act request? Since disclosing classified intelligence would be an act of treason, you know.

Just out of curiousity, this "former pentagon analyst" wouldn't happen to be employed with a defense firm now that would stand to profit from any products the company offers to combat this threat, would it? As many a scientist has uttered before, "Extraordinary claims require extraordinary proof." That doesn't change because we're discussing a matter of national security: You still have to put up, or shut up.

Re:Wait, what?

I'm sure there is someone profiting off this. I'm also sure it's true. The problem is we don't require the source code to be free and readily available. THIS STUFF SHOULD BE PUBLIC INFORMATION!

It might not stop hackers although it would give us the opportunity to lock down infrastructure. The code should be reviewed by security experts.

Re:Wait, what?

[k(wi)r(kipedia)]

Right. The not so Fine Article is low on details. It makes a grand connection between two rather uncontroversial facts: (1) Chinese net equipment can be found in an overwhelming majority of countries around the world and (2) the Chinese engage in cyberwarfare (as does the US and a few other advanced countries). Conclusion:

The Chinese government and the People's Liberation Army are so much into cyberwarfare now that they have looked at not just Huawei but also ZTE Corporation as providing through the equipment that they install in about 145 countries around in the world, and in 45 of the top 50 telecom centers around the world, the potential for backdooring into data.

Emphasis added on the word potential. Now where's the proof (preferably from a chip teardown by a reputable hardware hacker or hacking group)?

Re:Wait, what?

[gtall]

Apparently, he writes stuff for www.wnd.com...kind of hard to tell what they are but they seem to be a net media company. Anyhow, the fellow saying these things, Michael Maloof, seems to be saying a lot of things on WND. It is hard to believe that he'd be revealing secret information because he'd be arrested for that sort of thing. So maybe he's just running off at that mouth? It wouldn't surprise me that Huawei (I think's that's pronounced Way-Way) has back doors in their equipment given their relationships with the PLA.

So at least on the surface your knee-jerk reaction appears to be unsubstantiated, he's not overtly working for a defense contractor.

Re:Wait, what?

[girlintraining]

Emphasis added on the word potential. Now where's the proof (preferably from a chip teardown by a reputable hardware hacker or hacking group)?

There won't be any. Anyone with the capability of analyzing and reverse-engineering thousands of ICs would need deep pockets -- Either a large corporation or a government. A hacking group won't have the resources, even a well-funded one. You're talking about several hundred highly trained engineers from a dozen different disciplines working for years on the project, with no return on investment. There's no reason for a large corporation to conduct such business domestically -- they already have comparable products, and the Chinese equipment doesn't have any capabilities that aren't commonly available elsewhere. That leaves governments with a GDP in excess of a hundred billion USD per year. Short list. Said governments wouldn't disclose the results of such a search either, as it's a legitimate intelligence asset that would need to remain classified -- you don't want your enemy to know what you know, especially not before you come up with a way to defend against the attack or co-opt the infrastructure for your own purposes.

Second, forensically analyzing tens of thousands of chips and microprocessors would be pointless anyway: There still has to be some method of communicating the information back, and they can't compromise the entire communications chain, which is what would be required. Telecommunications equipment is designed to be evesdropping-friendly; Complete with port mirroring, trace and audit logs, selective forwarding based on rules... it's all standard. We're not even talking about the law enforcement black boxes, this is just stuff used for legitimate business purposes. The moment any such 'bug' went active, it would set off alarms -- by necessity, the communications would have to occur over the provider's own network. Unless their network admins are idiots they should notice the abberant traffic.

China would have to be very stupid to leverage such an intelligence asset for peanuts; It's basically a one-shot, and it would cost them billions in telecommunications contracts domestically. So if they do have such a capability, they're not going to use it until the value of the intelligence they would gain from it equals or exceeds that amount.

So there's two arguments right there based just on the economics of the situation. I strongly suspect that this unnamed pentagon analyst is being paid to spread disinformation. Such disinformation would serve the purpose of keeping the american public sucking the tit of the Department of Homeland Security's fear juice, and exaggerating our actual intelligence capabilities -- rather than waste hundreds of millions on a reverse engineering project that could never be made public, we'll just insinuate that "We know. We're on to you," and rattle our sabre a little. Maybe it deters them, maybe it forces them to expend resources to find out whether we're telling the truth or not, but it costs us nothing to make such a statement.

Re:Wait, what?

[number11]

This "former pentagon analyst" is a writer for WND, a rightwing web news site with all the credibility of the National Enquirer.

Not to say that China wouldn't build backdoors into telco gear, of course they would. The US requires telcos to provide access for it to spy on calls, it wouldn't particularly surprise me if the Chinese just built it in without talking publicly about it. After WWII, many countries purchased Swiss encryption gear, and many years later it was divulged that the US had inserted a backdoor into that gear. Why would China, or telco gear, be any different?

The fact is, around the world everyone should assume that anything done over a telephone is shared with unknown parties. Unless they've got trustworthy gear to encrypt calls end-to-end.

Re:Wait, what?

[LordLimecat]

Article read like FUD.

As a consequence, sources say that any information traversing "any" Huawei equipped network isn't safe unless it has military encryption.

Wow, military grade encryption? Would that be, like, AES, one of the most widely deployed, tested, and recognized encryption schemes out there? Wow man, that stuff is hard to come by.

I also like the implication that unless you have a VPN, it will still magically find its way out to Huawei regardless of what other network controls you have in place. Having backdoors is one thing, getting thru a firewall is something completely different.

Sources add that most corporate telecommunications networks use "pretty light encryption" on their virtual private networks, or VPNs.

Proprietary information could be not only spied upon but also could be altered and in some cases could be sabotaged.

Someone want to explain to me the difference between "altered in transit" and "sabotaged"?

Im sorry, when so many of the assertions in the article read like uninformed drivel, its kind of hard to take the headline seriously. I have a strong feeling that the person who wrote this doesnt understand any of the terms hes going on about.

Re:Wait, what?

[Luckyo]

He's just ignoring the convenient fact that US has access to 100% by the same measuring stick.

Re:Wait, what?

If I were China, I would put spying devices into hardware we build for well known American Telecom companies. Everything is made in China these days, with all the CAD files, firmware binaries, hardware schematics etc. all handed over to the factories in China.

Why ruin your own brands when the American brands can get into more places.

Re:Wait, what?

National Enquirer, the "non-credible" news source that first ran the story on John Edward's affair and child out of his marriage while on the campaign trail. The same news source that broke the story on Jessie Jackson's illegitimate child that he was funnelling hundreds of thousands from his organization to keep the mother quiet.

While 10 years ago I would have agreed with that comment of yours, they are now more accurate and truthful than NBC has been over the last few years. NBC had both of those stories I listed, but decided to bury them leaving the Enquirer the only news outlet that would run them, and both turned out completely accurate.

Re:Wait, what?

[mysidia]

If the source code were free and publicly available.... still... how do you verify the code on the device was compiled from the source you were given, and there's not a hardware component that changes the code after it's in memory?

Re:Wait, what?

[jcr]

Since disclosing classified intelligence would be an act of treason, you know.

Espionage, not treason. Under American law, there's a very specific definition of treason.

-jcr

Re:Wait, what?

[erp_consultant]

Exactly. More DHS scaremongering in yet another lame attempt to justify their existence. Started nine years ago it is now one of the largest departments in the entire federal government with 260,000 employees. Under the guise of combating "terrorism" - a very broad term that can mean whatever they want it to - and bolstered by the Patriot Act, this agency violates the rights of American citizens on a daily basis. And just like every other federal agency, it's never going away. It will only get larger.

Re:Wait, what?

[sg_oneill]

I wouldnt actually be surprised if there was some substance. A while back, when Australia was doing its tendering for constructing the national broadband network (fibre to the home + backbone upgrade), it excluded these companies on the grounds of "security concerns" but declined to state why. It was puzzling as australia is as close to china as we are to the united states, and perhaps more so economically.

Perhaps the US Pentagon had a word to Australian intelligence about the concerns, and this guy has heard those concerns too.

Re:Wait, what?

[Fjandr]

There wouldn't necessarily be alarms. After all, the use of Cisco's IOS backdoors, last I saw, had the problem of being so quiet that surreptitious use by black hats could not be detected easily. If the people who actually constructed the backdoors were using them appropriately and designed them for completel transparency, I wouldn't make a bet against them being able to use them unnoticed. It's been done before, as recently as 2010 (the last time I read an updated report of IOS LEA intercept problems).

Re:Wait, what?

[cold+fjord]

Strange Loops: Ken Thompson and the Self-referencing C Compiler
Reflections on Trusting Trust - Ken Thompson

Re:Wait, what?

[Solandri]

Even if you verify the source code is clean and compile it yourself, you're still vulnerable. The compiler could have a trojan hidden in it which inserts a backdoor when it detects certain functions are being compiled. And if you compile your compiler yourself? Well what's to say the compiler you use to do that doesn't have a trojan which inserts the trojan I just mentioned into your new compiler? And so on.

Basically, if you want to be 100% sure your code is clean, you have to write it (including any compilers you use) from scratch. Perhaps the most pertinent quote from that paper: "As the level of program gets lower, these [deliberately inserted] bugs will be harder and harder to detect. A well installed [hardware] microcode bug will be almost impossible to detect."

Re:Wait, what?

[Solandri]

Sorry for the broken link. Here is the correct link. It should be required reading for anyone involved in computer security.

Re:Wait, what?

[Alex+Belits]

Right, and "everyone involved in computer security" knows that this is completely unrealistic because modern compilers do not share common origin.

Re:Wait, what?

[repvik]

Bogus backdoor: http://erratasec.blogspot.no/2012/05/bogus-story-no-chinese-backdoor-in.html

Re:Wait, what?

[kasperd]

Anyone with the capability of analyzing and reverse-engineering thousands of ICs would need deep pockets

No need to look at thousands of ICs. Looking at a few of the most interesting targets is still going to be valuable.

A hacking group won't have the resources, even a well-funded one. You're talking about several hundred highly trained engineers from a dozen different disciplines working for years on the project

I know one person who using just off the shelf equipment was able to read the ROM from a microcontroller in his sparetime. All it took was a cheap microscope and a webcam.

There still has to be some method of communicating the information back, and they can't compromise the entire communications chain, which is what would be required.

Covert channels can be very hard to detect. You don't need to compromise the entire chain. You just need to piggyback on a legitimate communication for hops between compromised equipment. For example VPN hardware could piggyback on legitimate connections by using some encrypted data instead of random values for sending packets over the Internet. A compromised router anywhere on the path the VPN connection takes could pick out the data. Now the data is on a router on the public Internet. There are plenty of ways to get the data from there. First of all the attacker could very well have a legitimate connection going through that router, now it just needs a covert channel to send data from that router.

Sending data from the router without risk of being noticed is slightly more tricky. The question is, would you take the risk of modifying packets in the hope that nobody is actually comparing the packets going into the router and out of the router? If you modified the IPID field of every packet going through the router, that would produce a feasible covert channel. It would not be immediately detected, but would be visible if you carefully inspected the traffic. Notice that it would not be sufficient to look at the traffic through the router in a lab before deployment, because the router wouldn't be sending any covert data until instructed to do so.

A more stealth method would be to just use the IPID field of packets generated by the router. There is no incoming packet to compare against. But extracting data that way without being visible takes time. You can run a traceroute that happen to pass through the router, then it will need to send three response packets (with the common settings). Each time you run a traceroute passing through that router, you could extract 6 bytes of data.

China would have to be very stupid to leverage such an intelligence asset for peanuts; It's basically a one-shot, and it would cost them billions in telecommunications contracts domestically.

Valid point, however even if it was noticed, it would be hard to prove who was behind.

Re:"Don't ever invade China"

Never fight a LAN war in Asia.

Australian govt bans huawei from national network

[bug1]

There was a story a few months ago about how Australia banned Huawei from involvment in a big project, they didnt say why.

http://tech.slashdot.org/story/12/03/24/0424215/australian-govt-bans-huawei-from-national-network-bids

The U.S. has like 99% listening coverage.

[cpu6502]

We even have the power to shutdown foreign companies like Megaupload w/o needing to prove they did anything wrong. But we're the "good" guys. So that makes it okay. After all we only killed 300,000 people this last decade, versus China who killed..... ummm..... wait there's something wrong with my theorem.

Re:The U.S. has like 99% listening coverage.

China has killed tens of millions of their own people under communism in the last 60-70 years. Huh? You think China's the nice or good guys??? Sarcasm doesn't bold well here.

Re:The U.S. has like 99% listening coverage.

[WindBourne]

Yes, things from 200-400 years ago, is certainly relevant to the conversation. And I hate to say this, esp. to another AC troll, but the slaves were captured by Africans, brought and instituted here by the europeans, and it was our war to say NO to it that costs us.

OTOH, a civil war, is not the same thing as going after your citizens to make them support you 100% or die.

Re:The U.S. has like 99% listening coverage.

[fredprado]

The problem is, once the guy is extradited to anywhere else within US he can end in Minnesota or Texas, or whatever place they decide to send him in.

US may not be as bad as North Korea, but it is every bit as bad as China these days. Both are countries were justice is unreachable for common people, and where dominant groups do basically whatever they want. China censures information, US floods it in an ocean of propaganda and disinformation. In the end all is the same.

Re:The U.S. has like 99% listening coverage.

[Sarten-X]

China executes roughly 5000-8000 people each year for various crimes. The United States has been declining since 1999, and is currently somewhere around 40 per year. Accounting for (rather than ignoring) scale, China executes about 30 to 40 times as much of its own population as the United States. Of course, that's just one metric, but it's pretty illustrative.

China is big, but it's not big enough to dilute its atrocities.

Re:The U.S. has like 99% listening coverage.

[WindBourne]

No. The communist invasion and takeover of China did not last that long. In fact, it was over in 1949. From 1949 until about 1979, the Chinese were gutted by the communist party. In many ways, it was worse than stalinism. To this day, the Chinese communist party still runs with a constitution that says what rights the citizen has (which are VERY limited) and that all else, belongs to the state. More importantly, China runs roughshod over those rights unless it becomes an issue in the LOCAL papers or businesses.

To try and compare this to slavery from over 250 years ago, or to a 4 year civil war, is ridiculous.

Re:The U.S. has like 99% listening coverage.

[cold+fjord]

Well said. To which I will add this reference:

The Black Book of Communism - translated by Jonathan Murphy and Mark Kramer - available at Barnes & Nobel and Amazon.

Review by Daniel J. Mahoney, American Enterprise, of: The Black Book of Communism

The six contributors to this book are all French, and all hail from the Left. The book's original publication in France created a sensation, because its cumulative effect is to establish that Communism is the twentieth century's fiercest practitioner of state violence and "crimes against humanity." It forthrightly challenges the claim that Nazism has a monopoly on "absolute political evil" in our time.

The chapters on the Soviet Union and China are as powerful as they are in large part because their authors, Nicolas Werth and Jean-Louis Margolin, avoid excessive polemics and allow the evidence to simply speak for itself. If anything, Werth is excessively conservative in his estimates, drawing almost exclusively from not always reliable "official" party and state archival materials to verify politically--inspired deaths and incarcerations in the Soviet Union. Despite the limits of this method, Werth concludes that the Bolshevik regime was responsible, directly or indirectly, for the deaths of 20 million people between 1918 and 1956, and for the imprisonment in camps of millions more. He demolishes the notion of a good Lenin and a bad Stalin by showing that terror defined the Soviet regime from its inception. And he concludes that there is no basis for the claim that the terror of the 1930s was driven by overzealous Party and police officials acting independently of orders.

Likewise, Margolin's chapter on China shows that the crimes of Maoism are rooted in ideological hubris and a denial of the humanity of political or class "enemies." Margolin demonstrates that Mao committed crimes unprecedented in Chinese history, and damaged the nation in everything from economics to ethics. The devastating consequences of Mao's rule: 65 million lost lives. Perhaps the deepest reason The Black Book has sparked controversy is that it argues Communism is as intrinsically perverse as Nazism. Editor Stephane Courtois argues that Communist crimes, like Nazi ones, partake of the desire to eliminate groups of people on the basis of their origins, not because of any individual culpability or responsibility. He denies that Communism's crimes have any right to be excused or qualified because they were committed in the name of egalitarian principles. Courtois shows that Communism is an exterminationist ideology which selects its enemies on the basis of class. Aleksandr Solzhenitsyn suggested in The Gulag Archipelago that the USSR's war against the independent peasantry--the so-called "de-kulakization" campaign --was the first systematic effort to eliminate an entire class of people for ideological reasons. In this sense, Hitler was Lenin's and Stalin's faithful pupil.

Why Doesn't Communism Have as Bad a Name as Nazism?

FUD ?

[Kohath]

There's something of a cottage industry in spreading FUD about Huawei and ZTE. Why should anyone believe this stuff? (Or, for that matter, why should we believe much of anything in the news or on web sites?)

Re:FUD ?

[hjf]

So you buy Cisco and are subject to US backdoors.

Re:Australian govt bans huawei from national netwo

[Crypto+Gnome]

Actually they DID say why: specifically it boiled down to "because we cannot be *absolutely certain* that the Chinese Government does not have such a close relationship with Huawei that deploying their equipment would not (ever) compromise our national security".

Seems to me that someone in The Australian Government has learned a few important life lessons from The X-Files. (ie trust No-One).

Either that (a) or (b) they're just playing The Obvious "Devil You Know / Devil You Don't" card; and/or decisions were influenced by vendor-$ and Huawei could-not/would-not/weren't-given-a-chance-to cough up enough.

Personally Option (b) sounds more typical of government.

I for one will be eternally surprised to see any government making a well researched, informed, well reasoned decision - they're almost always a pack of retarded monkeys interested in looking after themselves and their friends.

Go On Mr Government - PROVE ME WRONG - I Dares Ya!

Re:espionage?

[tomhath]

Last I checked the NSA wasn't bidding on contracts to build telecommunication infrastructure. Of course they might have shell companies that do, kind of like China has Huawei and ZTE

Common Knowledge for Years!

[GiantRobotMonster]

I'm surprised at all the surprise?!
I thought it was pretty common knowledge that Huawei and ZTE were run and funded by the Chinese Military.
They have been using their financial muscle to undercut and bribe their equipment into as many countries telecoms infrastructure as they possibly can for over five years now.

Re:Common Knowledge for Years!

[marcosdumay]

The day is coming...

What day? The day the Chinese army will be so busy fighting their own people that they'll have to stop spying overseas? Because that's the war they are currently fighting.

Re:Common Knowledge for Years!

[dbIII]

I thought it was pretty common knowledge that Huawei and ZTE were run and funded by the Chinese Military.

Hopefully it will soon be common knowledge that a lot of industries in China are run and funded by the Chinese Military so this connection really means nothing in isolation. They are probably about as big and diversified in their holdings as coca-cola these days if not bigger, and 99% of the time they are in it for the money. Those childrens toys made by a company owned by the Chinese Military are not there so they can spy on our kids, they are there to help pay for a new aircraft carrier. The separation of state and private companies that we are used to seeing in democracies is instead a tangled web in China, with odd gaps such as entire huge open cut coal mines with thousands of miners that the government has zero involvement with (to the point where they are not even on a map, let alone taxed).

Re:at least they dont have control over my server!

[Farmer+Tim]

Yes, yours is server of highest security, without so-named rear entrance contained within network controller cards. Please continue use with utmost faithin separation between the wise and glorious Communist party and our approved manufacurers.

Yours sincerely,
Ministry of State Security, PRC.

Oh no, the yellow peril is upon us!

[Jeremy+Erwin]

The second link is to "World Net Daily", a site that has about as much credibility as the John Birch Society.

It is a LIE

[WindBourne]

There are all sorts of ppl that are on this site, and others, saying to look the other way. The Chinese would NEVER spy on the west, or put in backdoors to use for an offensive attack. I mean, these ppl all know that the communist China are the good guys. Likewise, that bunch of Chinese naval ships caught 50 miles off the phillipines coast is a non-issue is well. The fact that they were close to a number of telecom trunks has no bearing on anything.

So, relax. China will not try what they did to India. And the communists are heading towards being capitalists so there is no chance that they are working to kill off the west.

Re:It is a LIE

[WindBourne]

China would be propping up economies only IF it were buying other goods from other nations. Instead, it cheats by fixing their money to western money, subsidizing and dumping on foreign markets thereby destroying western economies, and then blocking everything except for nations that they want to woo, or have raw resources.

China's action are a big part of why we are having a meltdown in the global economy 5 years ago and now again.

Re:espionage?

[WindBourne]

Sigh. How much global telecom info does NSA look at?

Personally, I would be more upset about the ability of China to shut down our infrastructure just prior to an attack, then their ability to listen. Listening is about 'Trust, but Verify'. Shutting down infrastructure is what you do to your enemies that are stupid enough to trust your word (esp. when you have been breaking it all along).

Re:He's right.

[cold+fjord]

Penny wise, pound foolish.

Re:He's right.

[arth1]

No, THEY have. We keep getting the stuff they make, and they get US dollars.

They don't always get dollars - due to the trade imbalance, they get IOUs. Our debt to China increases every year, and China can't cash in on it, because that would crash our economy completely, and they would get even less.

We're like an old exiled royal who lives on debt - nobody dares to call him out on being insolvent and having a snowball's chance in hell of ever getting to his former riches, because that would make the chits and IOUs people hold (much of it from when he was solvent) worthless. So everyone continues to lend him money to keep the pretence of solvency and prevent him from defaulting, yet will quietly sell off the debt to new players if given a chance.

Re:So?

[dbIII]

The allies got thrown a crumb of intelligence every now and again (apparently) and were to an extent complicit. The amusing thing is the existence of Echelon was confirmed by an idiot in Australian politics that complained it didn't give him forewarning of events in nearby PNG despite complete coverage of the telecommunications systems in that country. PNG had the system forced on them as part of an aid deal, so were not complicit, but their government knew it was there and avoided discussing issues of international interest on the telephone.

Bollocks

[1u3hr]

The source article is on http://www.wnd.com/, which is a pretty wacky looking right wing "news" site. Its top stories currently are :

Gun shop veto draws legal fight
Traveler says no to U.S. internal checkpoints
Blogger: Why don't blacks behave?
Cross-bearing Texas teen arrives In D.C.
Reviewer: It doesn't look like we're repenting
Poll: Majority favor extending all Bush tax rates

Detecting a trend?
Anyway the article in question simply says that 1) Chinese companies make most of the telecom switching gear. 2) Therefore, China's military has backdoored it all and is spying on every byte anyone transmits.

Of course, this is conceivable, but there isn't a shred of evidence. Spying on such a huge scale would require huge infrastructure and data transmission, basically duplicating the entire Internet. That might be detectable.

Re:He's right.

[cold+fjord]

Pervasive espionage.

Chinese step up computer espionage against United States
FBI estimates there are currently more than 3,000 corporations operating in the United States that have ties to the PRC and its government technology collection program.
Chinese telecom firm tied to spy ministry

The report by the CIA-based Open Source Center states that Huawei’s chairwoman, Sun Yafang, worked for the Ministry of State Security (MSS) Communications Department before joining the company.

The report on Huawei’s board members states that Ms. Sun used her connections at MSS to help Huawei through “financial difficulties” when the company was founded in 1987.

Based in part on Chinese media reports and Huawei’s website, the report reveals that the Beijing government paid Huawei $228.2 million for research and development during the past three years.

I'm sure you can figure out why this might be important. . . well, maybe not.

Re:He's right.

[arth1]

What, according to this theory, accounts for the fact that everyone in the world, including China, continue to buy newly issued U.S. debt at historically low interest rates?

It's already answered in the very post you reply to.
But, in smaller spoonfuls, consider this:

You lend $100,000 to John, an upstanding fellow. Then John loses his job and starts drinking. He then comes to you and says "I fear I'm going to default on my loans and have to file for bankruptcy unless someone can lend me $5,000 at low interest".
You now have the choice of:
(a) lending him the money and hope that either
    (a1) you get to sell the debt at a smaller loss before he goes bankrupt, or that
    (a2) John manages to get back in shape enough to pay his interest rates. ... or
(b) refusing his plea, and watch him file for bankruptcy, making it
    (b1) a certainty that you'll lose the entire $100,000, and
    (b2) a distinct possibility that John gets so pissed that he carpet bombs your house.

Your best bet may be to lend him the money and try to convince others that he's solvent.

This isn't a new type of dilemma - it's happened quite a few times in history, often in the final time before bubbles burst.

This guy is right.

[r00t]

Imagine a chip, made in China, that has a network connection (to China) and can DMA to/from your RAM.

Oh, hey, you have one: your Ethernet chip. Shit. We're fucked.

Also notice the chips in your wireless router, cable modem, cell phone, cell tower, USB stick, USB port, etc.