[ISN] F.B.I. Says the Military Had Bogus Computer Gear

InfoSec News alerts at infosecnews.org
Fri May 9 07:49:01 CDT 2008 

http://www.nytimes.com/2008/05/09/technology/09cisco.html

By JOHN MARKOFF
The New York Times
May 9, 2008

SAN FRANCISCO — Counterfeit products are a routine threat for the 
electronics industry. However, the more sinister specter of an 
electronic Trojan horse, lurking in the circuitry of a computer or a 
network router and allowing attackers clandestine access or control, was 
raised again recently by the F.B.I. and the Pentagon.

The new law enforcement and national security concerns were prompted by 
Operation Cisco Raider, which has led to 15 criminal cases involving 
counterfeit products bought in part by military agencies, military 
contractors and electric power companies in the United States. Over the 
two-year operation, 36 search warrants have been executed, resulting in 
the discovery of 3,500 counterfeit Cisco network components with an 
estimated retail value of more than $3.5 million, the F.B.I. said in a 
statement.

The F.B.I. is still not certain whether the ring’s actions were for 
profit or part of a state-sponsored intelligence effort. The potential 
threat, according to the F.B.I. agents who gave a briefing at the Office 
of Management and Budget on Jan. 11, includes the remote jamming of 
supposedly secure computer networks and gaining access to supposedly 
highly secure systems. Contents of the briefing were contained in a 
PowerPoint presentation leaked to a Web site, Above Top Secret.

A Cisco spokesman said that the company had investigated the counterfeit 
gear seized by law enforcement agencies and had not found any secret 
back door.

“We did not find any evidence of re-engineering in the manner that was 
described in the F.B.I. presentation,” said John Noh, a Cisco spokesman. 
He added that the company believed the counterfeiters were interested in 
copying high volume products to make a quick profit. “We know what these 
counterfeiters are about.”

An F.B.I. spokeswoman, Catherine L. Milhoan, said the agency was not 
suggesting that the Chinese government was involved in the 
counterfeiting ring. “We worked very closely with the Chinese 
government,” she said. Arrests have been made in China as part of the 
investigation, she said. “The existence of this document shows that the 
cyber division of the F.B.I. has growing concerns about the production 
and distribution of counterfeit network hardware.”

Despite Cisco’s reassurance, a number of industry executives and 
technologists said that the threat of secretly added circuitry intended 
to subvert computer and network gear is real.

[...]

More information about the ISN mailing list