Wednesday, March 12, 2008

Counterfeit Chips Raise Big Hacking, Terror Threats, Experts Say

Via popularmechanics.com -

This past January, two brothers from Texas, Michael and Robert Edman, appeared in court to face federal charges of selling counterfeit computer equipment to, among others, the Air Force, Marine Corps, Federal Aviation Administration, Department of Energy, numerous universities and defense contractors such as Lockheed Martin. According to prosecutors, the pair, working largely out of Michael Edman's house in the rural town of Richmond, bought cheap network cards from a supplier in China. They also purchased labels and boxes carrying the logo of Cisco Systems, the U.S.-based hardware giant. Until a source in China tipped off the FBI, no one could tell that the parts were Cisco knockoffs rather than the real thing.

An attorney for the Edmans says that they, too, were victims—duped by overseas suppliers. But one thing is clear: The case is about a lot more than trademark infringement. Security experts warn that as supply chains become more global and more opaque, no one can be sure what parts are going into the computers that run, well, everything—from air traffic control towers to banks to weapons systems. Secretary of Homeland Security Michael Chertoff raised the issue recently at a briefing attended by Popular Mechanics and others. "Increasingly when you buy computers they have components that originate ... all around the world," he said. "We need to look at ... how we assure that people are not embedding in very small components ... that can be triggered remotely."

Software vulnerabilities and online scams receive plenty of public attention. Viruses, Trojan horses, spyware, phishing schemes that trick people into providing financial data—all have made headlines in recent years. The emerging hardware threat is different. Imagine buying a computer, printer, monitor, router or other device in which malevolent instructions, or at least security loopholes, are etched permanently into the silicon.

Individuals, companies and federal agencies could all be at risk from foreign governments or criminal enterprises. A computer chip built with a subtle error might allow an identity-theft ring to hack past the encryption used to connect customers with their banks. Flash memory hidden inside a corporation's networked printers could save an image file of every document it printed, then send out the information. In a disturbing national-security scenario, overseas agents might be able to hard-wire instructions to bring down a Department of Defense system on a predetermined date or in response to an external trigger. In the time it took to bring the systems back online, a military assault could be underway.

No comments:

Post a Comment