The Inquirer-Home

FBI fears counterfeit Cisco gear

Low bid national security risk
Tuesday, 22 April 2008, 19:12

THE FBI is apparently very concerned that counterfeit networking equipment -- mostly Cisco router and switching gear -- that has been installed in government, military and private network infrastructures over several years might present national security risks.

The FBI's fears are outlined in a PowerPoint presentation obtained by Above Top Secret. Briefly, the US national security establishment is afraid that either Chinese government agents or Chinese hackers, or both, might have hard-to-find, if not undetectable, back-doors into supposedly high security government, military and critical infrastructure networks, and might have had them for years.

The problem stems from the practice of government and private procurement offices buying equipment from lowest bidders. Since computer and networking equipment vendors such as Cisco and others often don't sell direct, but rather through layers of distributors and resellers, and procurement processes might have multiple levels of subcontractors, both incentives and opportunities exist for suppliers to deliver counterfeit equipment either knowingly or unknowingly.

As the presentation makes clear, the FBI as well as the rest of the US intelligence establishment is fairly freaked out about the possibilities raised by finding out that there's complicated but counterfeit networking equipment, manufactured in China rather than in California, installed in many places in a lot of sensitive US network infrastructures.

A detailed discussion about why this situation might be of legitimate concern to those charged with overseeing US national security is available, so we won't reiterate that here; if you're interested, you might go read that at your leisure.

However, the FBI's high state of alarm about all this does seem perhaps a bit overblown. The Chinese are used to counterfeiting Western consumer goods and high technology products just to make a few yuan wherever they can. One may almost say that the US and other countries have in effect collaborated to train up Chinese industry to do just that by buying their low cost products and occasionally looking the other way about, er... inconvenient legal restrictions.

After all, much of the counterfeit equipment is actually detectable because it is cheaply manufactured. If a Chinese intelligence agency really wanted to place a back-door into a piece of equipment in a sensitive US government, military or critical infrastructure networking nexus, it would likely buy a real Cisco router card and replace just a few critical components, making the stealth substitution virtually undetectable. More likely, the counterfeiters are just into it for money.

The FBI shouldn't get its knickers in too much of a twist over all this, recalling that old J. Edgar Hoover wore women's silk knickers that were made in China. µ

L'Inq
Above Top Secret


Comments
You get what you pay for.

All these cost cutting measures make me proud to be an American.

posted by : Viscountalpha, 22 April 2008
Made in China

I'll bet genuine Cisco routers aren't made in California. In fact, they are probably made in China. If not, certainly most of the components are.

It is unlikely that the Chinese would have a hardware hack that implements a backdoor, it would be far more likely with software. All they need for that is a copy of Cisco's IOS source code. I don't suppose they've ever employed a Chinese national with a sufficient level of access to snag a copy of the source? ;)

Once you have that, you just need to make a few modifications. One, to insert your backdoor. Two, to modify the code that installs updated firmware images to insert that backdoor into and the modified code that installs updated firmware images itself.

See "On trusting trust" by Dennis Ritchie (you'll find it via google)

This is what the FBI should be worrying over, not counterfeit but likely 100% identical router hardware.

Doug

posted by : Doug, 22 April 2008
Why focus on counterfeits

Is there any guarantee that there is no backdoor in Cisco equipment, intentional or not? Users outside the US may want to reevaluate the possibilities.

http://www.heise.de/newsticker/Insecure-by-Design-Cisco-Produkt-ab-Werk-mit-Backdoor--/meldung/105068

posted by : Brutal, 22 April 2008
Simple Solution

There's a simple solution to the problem ... it's called a pre-emptive strike. About 75 to 80 well placed blasts would be all it would take to neutralize the Chinese threat. I'd do it in a heartbeat.

posted by : NetGuy, 23 April 2008
FBI fears, because the NSA is stupid?

http://www.phrack.org/issues.html?issue=65&id=9#article

posted by : thefinn, 23 April 2008
COO

Companies looking for a safe environment for purchasing used networking equipment should make sure they are dealing with a member of the United Network Equipment Dealer Association (www.uneda.com). More than 300 members worldwide work together to promote and uphold the highest standards and best practices when it comes to buying and selling legitimate pre-owned gear from all the leading OEMs. Together, UNEDA members sell more than $2 billion in pre-owned gear annually to over 10,000 customers, fueled by an increased supply of and demand for pre-owned network routers, switches, access servers, security products and VoIP phones/telephony products at savings of up to 90 percent off OEM list prices.

posted by : John Stafford, 28 April 2009