Foreign hardware could be designed to launch cyber attacks against US companies and consumers

Jul 11, 2011 by Katie Gatto weblog

(PhysOrg.com) -- A security official at the Department of Homeland Security recently released a statement that confirmed the idea that some foreign-made computer components are actually being designed to make the job of launching a cyber attack against a U.S. company or consumer easier to do.

While no one at the has been willing to give information about what countries or specific components are in question, or by what methods these components could have been made in order to make cyber attacks easier the department did confirm that this has happened in the past. Greg Schaffer, the Acting Deputy Undersecretary National Protection and Programs Director said, "I am aware of instances where that has happened."

This comment, which confirms that the US government is currently aware of the issue, though the admission only came after a questioning from Rep. Jason Chaffetz, a republican from Utah, during a House Oversight and Government Reform Committee hearing.

How could an attack like this happen? In one scenario a device could be tampered with prior to its distribution in order to carry, or work as a , and allow other malicious software to make its way onto the hardware unfettered. Previously the has been investigating a case where counterfeit versions of Cisco routers were being sold to government agencies. These attacks can be potentially devastating because it can go unnoticed for many months or years while the code silently listens for information such a billing information or .

While many nations are involved in the supply chain of computer hardware no specific nation has been accused or mentioned as a part of this problem.

Explore further: US warns retailers on data-stealing malware

Related Stories

Homeland Security and spy agency to work together

Oct 14, 2010

(AP) -- Computer experts at the secretive National Security Agency are teaming up with the Homeland Security Department in an effort to strengthen the nation's defenses against cyber attacks.

Homeland Security network gets an F

Mar 21, 2006

If the Department of Homeland Security were a high school student, it would be in severe danger of getting left back. For the second consecutive year the department has received a failing grade from the House Government Reform ...

US reviewing ways to fight cyber attacks: general

Sep 24, 2010

The White House is looking at boosting the authority of the US military and other agencies to protect the country's infrastructure from possible cyber attack, a top general said Thursday.

No apparent Stuxnet impact in US: cyber official

Dec 07, 2010

Computer software targeted by Stuxnet is used in US infrastructure but the virus does not appear to have affected any systems in the United States, a US cybersecurity official said Tuesday.

Recommended for you

US warns retailers on data-stealing malware

2 minutes ago

US government cybersecurity watchdogs warned retailers Thursday about malware being circulated that allows hackers to get into computer networks and steal customer data.

Android grabs 85% of smartphone market: survey

22 minutes ago

Smartphones powered by the Android operating system captured 85 percent of the worldwide market in the second quarter, threatening to marginalize rival platforms, a new survey shows.

Irish bookmaker apologizes for 2010 data breach

42 minutes ago

(AP)—Irish betting company Paddy Power announced Thursday it is notifying hundreds of thousands of customers that most of their profile information was stolen in 2010, but hackers did not gain their credit card details ...

User comments : 13

Adjust slider to filter visible comments by rank

Display comments: newest first

KaiKonn
3 / 5 (4) Jul 11, 2011
HELLO?!!?!! This is what happens when we allow overseas entities (China) who are hostile to the U.S produce mission critical hardware for us.
TheGhostofOtto1923
3.5 / 5 (8) Jul 11, 2011
-As if western nations havent already been doing this. What do you think we are naive?
Bob_B
5 / 5 (2) Jul 11, 2011
NSA, anyone?!?
wealthychef
not rated yet Jul 11, 2011
-As if western nations havent already been doing this. What do you think we are naive?

The government is not a monolithic entity. Although the NSA etc. might be well aware of these threats, not every security-sensitive entity is necessarily up to snuff in terms of responding to these threats.
xznofile
5 / 5 (1) Jul 11, 2011
it's possible he was referring to American products carrying malware like suxnet which are sold overseas. What goes around comes around, it's not like nobody was expecting it.
TheGhostofOtto1923
1 / 5 (3) Jul 11, 2011
I'm saying that if anyone can be found misusing technology then we can expect that someone in the west has already done so, and reaped the benefits, and developed the countermeasures to protect critical infrastructure. In fact 3rd world Players may just be acting as agents for western interests when they are found doing this.

Defenses cannot be relied upon until they have been tested by authentic enemies who are intent on breaching them. This is a continuous Process. Defense is critical. If enemies do not exist, sometimes it is important enough to create them for the task, whether they are aware of their Role or not.

This is true in every facet of military endeavor. The most useful Enemies are the ones you create.
ziphead
1 / 5 (1) Jul 12, 2011

If enemies do not exist, sometimes it is important enough to create them for the task, whether they are aware of their Role or not.


Paranoid android, what's next? How about:
"US of A sent Hitler and Hirohito robots back from the future and so they can ensure that Manhattan Project happens."
StandingBear
not rated yet Jul 12, 2011
Take it from me, and I have seen our so called secure military services up close; security is a dangerous illusion. Most so called exercises are a cheaped out sham designed to 'fill a square' on an operational readiness investigation ORI.
As far as the Chinese are concerned, microsoft gave them the source code for all windows in a deal to keep selling the product in China. Our DOD does not have this, and has been playing a losing battle ever since that treasonous act was committed by microsoft. Of course corporations know no country as home but for expedience, so governments should realize that fact and not grant 'corporate citizenship rights' to them nor allow classified information to any corporation, nor to any company or person with any foreign plant, office, money account or employee outside our nation. We once used microsoft windows provided viruses as a weapon of war against Iraq; now the Chinese use the same against us, and we have made it illegal to not use windows.
LuckyExplorer
5 / 5 (1) Jul 12, 2011
Paranoia is a great deal. - A country, in this case the US, can protect the own economy and hurt other countrie's economy.

However, it might be possible that some hardware is designed that way, but for sure, the US or another western country were first in that battle.

It is no secret that (e.g.) the US intelligence services were (are) even supporting US companies with technology or financial information and whatever they find from companies from other countries, and not just to protect the nation. - And I am sure intelligence services from other countries do the same for their companies.

But why do so many US citizens always think that everybody wants to do some harm especially to the US?
antialias_physorg
3 / 5 (2) Jul 12, 2011
Our DOD does not have this, and has been playing a losing battle ever since that treasonous act was committed by microsoft.

This is treason? How so?

The article seems very nebulous to me. Looks more like a "buy american" advert.

Industrial espionage (of foes and allies alike) has long been a regular feature of US policy. What do you think all those radar dishes in US military bases pointing at (e.g. german) high tech companies are for?

But why do so many US citizens always think that everybody wants to do some harm especially to the US?

Because fear is the prime government tool in the US (and has been for the past 65 years - ever since post WWII when someone realized how powerful a tool it is)
TheGhostofOtto1923
1 / 5 (3) Jul 12, 2011
Paranoid android, what's next? How about:
"US of A sent Hitler and Hirohito robots back from the future and so they can ensure that Manhattan Project happens."
Aw that's just silly. The Truth IS, that above a certain Level in this world, everybody is on the same SIDE. There is only one Side. The people have always been the true enemies of Leaders everywhere. Their war is with us, not with each other.
As far as the Chinese are concerned, microsoft gave them the source code for all windows in a deal to keep selling the product in China. Our DOD does not have this, and has been playing a losing battle ever since that treasonous act was committed by microsoft.
Well of course. Constructive competition can only occur among equals.

Many many examples of the west giving enemies secrets, especially right after ww2.
Cave_Man
1 / 5 (1) Jul 12, 2011
OMG i've been talking about this for years!

Ever buy a flash drive? Well its manufactured in china and i would be willing to bet large sums of money that the inspections upon importation are not rigorous enough to detect possible dormant data that could be designed to load onto any system the usb drive plugs into, hell even computer mice, keyboards, mics, cams, RAM, HDD's and ANYTHING ELECTRONIC!

I'd say china has us by the nutsack a long time ago.
frajo
5 / 5 (1) Jul 13, 2011
The difference between "Foreign hardware could be designed to launch cyber attacks against US companies and consumers" and "Hardware could be designed to launch cyber attacks" is all one needs to understand.