Posted on 05/22/2012 8:42:58 AM PDT by the scotsman
'More than a million fake electronic parts from China have been found in US military aircraft, posing a risk to national security, an investigation has revealed.
A report by the US Senate uncovered 1,800 cases of bogus parts - including some in special operations helicopters and the US Air Force's largest cargo plane. The total number of individual components involved in these cases exceeded one million, the Committee on Armed Services publication said.
"This flood of counterfeit parts, overwhelmingly from China, threatens national security, the safety of our troops and American jobs," committee chairman Senator Carl Levin said. "It underscores China's failure to police the blatant market in counterfeit parts - a failure China should rectify," he added.
As part of a year-long investigation, the US Government Accountability Office created a fictitious company and purchased electronic parts on the internet. Of the 16 items bought, all were counterfeit and some had bogus identification numbers. The components came from suppliers based in China - which Senator Levin described as the "epicentre of electronic part counterfeiting".
The report accused Beijing of openly allowing counterfeiting operations, and said attempts by officials to get visas to travel to China as part of the probe had failed. US authorities and contract companies contributed to the problem by not detecting the fakes and routinely failing to report them, the report said.
The Defense Department was also criticised for lacking "knowledge of the scope and impact of counterfeit parts on critical defence systems".
Committee member Senator John McCain said the prevalence of bogus parts made the country vulnerable and posed a risk to "our security and the lives of the men and women who protect it".'
(Excerpt) Read more at uk.news.yahoo.com ...
Thanks sp.
cherry1: “...If one of my critical systems lets go in an unpredictable, untimely, catastrophic way I dam sure want to go eyeball-to-eyeball with the retrograde bleephole who made it AND the slimeball who sold it to me
WRONG. You should go toe to toe with the "retrograde bleephole" whose acceptance criteria and test program allowed a faulty or fraudulent component into your critical system because they merely trusted what was written on the label.
sten: you do realize systems can be compromised, right?
Of course. Which is why a boycott of components marked "Made in China" and blindly trusting parts made elsewhere is dumb. Your test regime should identify fraudulent and substandard and "magic backdoor" components....not the label on the damn shipping carton.
That's how the original Trojan Horse gambit worked!!!!! herrrow!!?
I think that's true. I believe that doctrine dictates that they don't go in until we've achieved decisive air superiority.
As to the service life of the BUFF, I wish they'd go ahead and fund the long-stalled project to re-engine the beasts with four modern engines: CF-6 or even GenX.
I’ll agree with your post because it is (mostly) accurate - I’ll get to the qualifier in a bit. I should’ve been more to the point that I was not referring to only this article, but more to the overall issue of counterfeiting that is well documented and has been going on for a long time. China is a major player in the counterfeit market (I will include fakes and intentional mis-marks in that category). Realistically, China may be the biggest player in this.
I only ever argued the realities of the situation and its impact on quality. I never made any spectacular claims about magic back doors in two or three legged components or anything of that nature - never once alluded to that.
I have seen poor work practices cause the issues inherent in allowing counterfeits and poorly qualified vendors (ones claiming to sell the exact same part - number, marking and all), but when decapped - a very different die appears. These were latent failures that passed a dozen or more very stringent test protocols (both functional and manufacturing defects test types) throughout production and caused a major recall a few years down the road (devices should’ve lasted a minimum of five). Some of this is brought on by cronyism in departmental upper echelon, some of it by desuetude/short term memory of management, or just plain intellectual dishonesty among the same and their reports. These are people skirting the system to make themselves look good short term and get promotions, which only bolsters their clout to the unknowing fops in mgmt as time marches on.
I see the same going on here and have seen what passes for quality in the military first hand (usually whomever does the best job of smoking their superior’s pole or has their lips most firmly attached to their bum is the one who gets the promotion - usually).
Finally, Mil-Specs are (in a lot of cases) somewhat general and left up to interpretation. They assume that the individual engineer will place an emphasis on knowing their product and its limitations. The specs also assume that the cognizant individual will chose a proper method to vet the device within the constraints of their specific design and manufacturing allowances, which best represents usage in a given system. This all hinges on proper qualification of vendors, which is a huge mouthful.
One.
Nobody "builds the world's first uP w/ on-chip ROM...." by themselves.
True that. I did the final design rule check on the layout, and I did all the lithography and etching on the first lot. (Interesting sidebar, I did the DRC in a vacuum, just me, the rules, and a printout with no other info. It really bothered my boss that I told him how many people did the layout, and which areas were done by each, just from the stylistic variations.)
I parleyed one of my patents into a job where I earned over half a million. Other than that, yeah, most of my patents were developed on company time with company resources and company colleagues.
Since I mostly deal with the actual wafer processing most of my improvements remained trade secrets. You know why, don't you?
I also had a former company patent one of my ideas without naming me as the inventor. Too bad they folded before I could sue them *sigh*.
So, enlighten me as to IP agreements...
Agreed, at least as far as you and I know, anyway.
All I'm saying is that such a thing is possible, not that it's ever actually been done.
Here’s some cases of actual prosecution of fraud in chip sales:
And a little article from ECN on what types of counterfeiting there are:
http://www.ecnmag.com/articles/2010/03/fighting-counterfeit-semiconductor-epidemic
If a chip that was never a Moto, AD, TI, etc chip has a Moto, AD, TI logo on it, I don’t care what the exact part number is/was. The fact is, the ChiComs are peddling their shite under the name of a reputable company. Same deal in rifle scopes: If the phony scope is carrying the markings of a Leupold and has a name of “Leupold” on it, I don’t care whether it is a 5X fixed power scope that Leupold doesn’t sell: It’s still a counterfeit and a fraudulent use of an established company’s name.
The U.S. Government has become corrupt to the core.
I've wasted lots of time learning the legal side of patents....orders of magnitude more than the "simple" side: the inventing! =)
In process, gaining many of the same black eyes and broken ribs everyone else has gotten from the IP monster.
For that particular case, you do not have to sue. If it was granted, or is still under review, you can file with the USPTO and have the thing invalidated....won't cost you a dime! Even if the company went under, perhaps some creditor assumed the rights? If it's an orphan, and nobody's pursuing it, you could go and file a provisional patent on your own and lay claim to it from scratch, or some novel twist on it in hindsight. If it was rejected, you won't get very far. But if it just died on the review vine from going out of business or neglect, you can probably resurrect the idea.
It's funny how if you had released the idea anonymously on FR, for example, to where it was out in the public domain, you could also terminate their lingering rights to it and while technically fraud, it's actually a just outcome and you could manufacture and sell the thingy free and clear (but so could others of course).
I don't think there was any need for us to get cross wise on this thread, and I apologize for reacting. But these content free technical articles using Carl Levin and John Frakkin MCpain as the technical experts burn me up.
Fraud is rampant. All of this is due to greedy sob's trying to make a Yuan.
But they're not just screwing the roundeye. They're screwing Samsung, Toshiba and Siemens too.
Certainly the PLA is poking around at the periphery too.
But they won't try to insert espionage into parts that are mislabeled!
In fact, they would LOVE for Levin and Mcpain to "win" and think that they've closed the entry vector, so they can funnel whatever without suspicion through a Singapore contingent.
Good post.
On related topic, if you want to know why DoD system costs keep going up, a big part of it is continually more demanding parts compliance requirements. In the aerospace world, they are known as TOR’s. Its MIL-SPEC on steroids. Instead of letting the vendors build their product to meet performance specifications, they now have to ensure all parts meet part requirements in TOR’s regardless of whether or not it affects performance. These requirements and their verification flow all the way down the procurements from contractor to sub-contractor to simple parts manufacturer. Most manufacturers cant meet the requirements without significant cost increase.
Pretty much what I told the company that I later consulted for and needed the technique to make their critical and otherwise unmanufacturable part.
I don't think there was any need for us to get cross wise on this thread, and I apologize for reacting.
Not to worry, no offense taken, I appreciate the passion.
But these content free technical articles using Carl Levin and John Frakkin MCpain as the technical experts burn me up.
Me too.
I don’t think that they were claiming any conspiracy by the Chinese government. When McCain said that it threatened our security, he didn’t mean intellectual security. He was talking about the threat that bogus parts not working endangering the success of an operation and the risk of life that could result.
The conspiracy probably didn’t have anything to do with the Chinese government, other than the fact the Chinese stand up for their own companies, in the same manner that unions protect worker, whether they are guilty or not.
I can assure you the PLA is not on the periphery of this issue.
It’s not like this is unknown. The subject has been publicly discussed since at least 2005.
You should at least read up before claiming the threat of counterfeit chips is simply an IP or revenue issue.
http://www.popularmechanics.com/technology/gadgets/news/4253628
“Such tampering wouldn’t have to occur in a factory where computer components were built. In fact, repair businesses and subcontractors may pose a greater danger. “A skilled and capable adversary could replace a chip on a circuit board with a very similar one,” says John Pironti, a security expert for information technology consulting firm Getronics. “But this chip would have malicious instructions added to the programming.” The strategy wouldn’t be practical for running a broad identity-theft operation, but it might allow spies to focus an attack on a valuable corporate or government target—gaining access to equipment, then doctoring it with hidden functions”
http://defensetech.org/2012/03/29/richard-clarke-all-u-s-electronics-from-china-could-be-infected/
Indeed, the SIA and international organs are drawing up protocols for verifying sources of components, because this counterfeiting is a big issue for no less than:
1. The US
2. Japan
3. S. Korea
4. Germany
5. Malaysia
6. Taiwan
and on and on and on. There’s lots of money being lost by legit vendors as a result of this grey-market crap out of the PRC. I won’t even get into the even more formidable “counterfeit bolt and steel” issue that is out there.
The one chipset(s) where I could see insertion of rogue logic are ethernet interfaces. They’re now a commodity and usually no one even thinks about whether or not they’re correct, much less genuine any more. When I was at cisco, we had quite a little “scandal” with ethernet (back then 10/100, ie, pre-gig) chipsets that didn’t implement collision back-off correctly and some chipsets would silently drop the frame or jam the wire inside the timing windows. No one else was aware of it, not even the vendors, until Xerox PARC debugged the problem on our boxes with an oscilloscope. PARC came to us and said “Look, we have conclusive evidence that these chipsets on these particular ethernet interfaces on these routers implement the spec incorrectly on collision back-off. What do you think?”
Well, what we thought after duplicating the problem(s) was to contact the chip vendors. Much stony silence ensued, until we made legal noises. Then there were some fixes... but still, we had a lot of product out there with defective chips. On lightly loaded networks, no one really noticed... but on a loaded network, oh yea, you’d see the network’s total bandwidth collapse in some situations as a result.
So could someone put a frame sniffer into an ethernet chipset? Sure. Would it be noticed before triggered? Probably not. The industry doesn’t even notice when chipsets don’t meet published specs as it is now. At least some military applications of discrete and analog components require testing in adverse environments where failures will be seen. The PC’s, laptops and routers that the DOD is buying? Feh.
And let’s not even worry about a sniffer logic package. Just insert logic that makes the interface go deaf on receipt of a “magic packet payload pattern” and spew out to a wire or multicast group broadcast address a similar packet, so all other nodes on that ethernet go deaf as well. It wouldn’t take up much in the way of gates. Get some government idiot to surf to a porn site, the response contains the magic byte pattern, the surfer’s computer goes deaf and then takes down everyone else on his switched or bridged network.
The only company I know of who really takes security seriously is IBM. They’re more serious than the DOD or government about security. eg, they ban Siri use on their networks or inside their plants..... because they don’t know for how long or where Apple is storing the voice recordings of input to Siri. Back in the 80’s, IBM was more serious about their own security than the DOD was about US security. IBM knew that DES was compromised from the get-go... and the NSA talked them into keeping the differential crypto vulnerability quiet for years...
Dave that’s a great anecdote. Indeed, in higher function chips you could indeed do quite a bit with, say, “test modes.”
However, I think you’d have to agree that it would take orders of magnitude more design skill to intentionally accomplish a malicious backoff anomaly like you described, much less a commanded problem, than is required to merely design the primary functionality.
“Never attribute to malice what can be sufficiently explained by incompetence.”
So it’s certainly possible in high level SOCs and ethernet macs, but other musings (not yours) elicited by these type articles about wakeup routines in passives and discretes is silly.
I would extend your scenario a bit, though. You’re correct that those parts are commodities. And they are generally core-limited, so the cost is proportional to die area. The only saving grace is that for the very critical commodity type parts you describe, in order for them to be a commodity by definition there has to be high volumes, and thus the front company would have to take a pretty good hit financially to pump those into the channel.
This goes back to the procurement people ought to be on the lookout for these kind of anomalies, not just Mcpain and Levin boycotting quote-unquote chicom parts.
A North Korean design house tapes out an ethernet chip with the magic packet command you’re talking about. They get it fabbed through a south korean agent in Taiwan, package it in Singapore, ship it to a USA distributor under a “FuTech” shell brand of some kind. It’s not a counterfeit. It’s not a knock off. It’s not from china. It passes functional tests.
That’s my point on here. The fraud is one thing, costing companies money. The ESPIONAGE potential is far beyond the scope of “boycotting china” which is all these political pinheads and newswriters seem to understand.
THESE CASES ARE IP OR REVENUE FRAUD. THESE CASES ARE NOT ESPIONAGE-ON-A-CHIP.
Your links go a step further in obfuscation by interchangeably mixing IP theft via soft hacking, and "fake parts" which are totally different.
As your own links show, you've got a John Pironti (a counsultant with a fax machine) and Richard Clark trying to sell some consulting.
Go ahead and focus on the PLA. Ban all "Chicom components." Then explain how that does one goddam thing to avoid true espionage as I describe above.
Get it through your head.
FAKE PARTS are fraud. Those cost companies Dollars.
Espionage parts will be LEGIT. Those cost lives.
That's the difference.
“Built the world’s first microprocessor with on chip ROM and RAM, built the world’s brightest GaAsP LED, made a silicon IR photodetector sensitive enough to force NBS to recalibrate their standards, hold 5 US patents, with several pending.”
Can you help me with gapping my ‘65 GTOs plugs and distributor points?
(Just kidding; I’m impressed.)
Sure, just remember to replace the condenser when you replace the points...
Set the plugs to 35 thousandths, screw in the points gap until the engine starts to misfire, and back it off half a turn.
Eva, you're exactly correct. And I would agree with him, except that it doesn't matter to a dead pilot if the failed parts are in-spec knockoffs from china or if they're poor-quality originals from California.
The meager content of the article provided no constraint to multiple readers' preconceived agendas about espionage etc!
The article mentions not a whit about (A) did these "fake parts" pass the rigorous qualification tests? and (B) did any of these "fake parts" actually cause any problems?
The question is pertinent to Magnum44's great post (repeated below) about how ridiculous the hoops are for milspec acceptance tests in the first place. Either these parts met those damn specs or they escaped around them. WHICH HAPPENED? I can infer (A) happened from the article because they were pulled out of service. After acceptance. There was nothing wrong with the parts, they were just sold by someone who didn't own them...IP/FRAUD.
Eva: The conspiracy probably didn’t have anything to do with the Chinese government, other than the fact the Chinese stand up for their own companies, in the same manner that unions protect worker, whether they are guilty or not.
Indeed. I doubt it did at all. But the politicians like mcpain will gladly ride the indignant outrage of readers and voters against the chinese while the acquisition bureaucrats in the DoD will skate on the fraud issue, or worse, get an opportunity to expand their power due to their own incompetence.
As Magnum's post below describes, these enemies-within-purchasing could damn well take this opportunity to make it so damn hard to build a radio for a C-17 that nobody will bother. Our bureaucrats are far more dangerous to our servicemen than the PLA's chip engineers. This is, by the way, how we got $500 hammers in the 80's you know. It wasn't greedy hammer manufacturers.
Magnum44: On related topic, if you want to know why DoD system costs keep going up, a big part of it is continually more demanding parts compliance requirements. In the aerospace world, they are known as TOR’s. Its MIL-SPEC on steroids. Instead of letting the vendors build their product to meet performance specifications, they now have to ensure all parts meet part requirements in TOR’s regardless of whether or not it affects performance. These requirements and their verification flow all the way down the procurements from contractor to sub-contractor to simple parts manufacturer. Most manufacturers cant meet the requirements without significant cost increase.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.