Posted on 05/22/2012 8:42:58 AM PDT by the scotsman
'More than a million fake electronic parts from China have been found in US military aircraft, posing a risk to national security, an investigation has revealed.
A report by the US Senate uncovered 1,800 cases of bogus parts - including some in special operations helicopters and the US Air Force's largest cargo plane. The total number of individual components involved in these cases exceeded one million, the Committee on Armed Services publication said.
"This flood of counterfeit parts, overwhelmingly from China, threatens national security, the safety of our troops and American jobs," committee chairman Senator Carl Levin said. "It underscores China's failure to police the blatant market in counterfeit parts - a failure China should rectify," he added.
As part of a year-long investigation, the US Government Accountability Office created a fictitious company and purchased electronic parts on the internet. Of the 16 items bought, all were counterfeit and some had bogus identification numbers. The components came from suppliers based in China - which Senator Levin described as the "epicentre of electronic part counterfeiting".
The report accused Beijing of openly allowing counterfeiting operations, and said attempts by officials to get visas to travel to China as part of the probe had failed. US authorities and contract companies contributed to the problem by not detecting the fakes and routinely failing to report them, the report said.
The Defense Department was also criticised for lacking "knowledge of the scope and impact of counterfeit parts on critical defence systems".
Committee member Senator John McCain said the prevalence of bogus parts made the country vulnerable and posed a risk to "our security and the lives of the men and women who protect it".'
(Excerpt) Read more at uk.news.yahoo.com ...
I used to use a matchbook cover to gap ‘em all, but found a feeler gauge works better. I tried to turn the distributor by hand ONCE, while the car was running, and got thrown clean out of the garage. Zowie!
Thanks for the tip.
“A nation that kills its own children is a nation without hope.” Blessed John Paul II
“A nation that kills its own children is a nation without hope.” Blessed John Paul II
Oh yea, I’m all about the economic issue first and foremost.
For me, the #1 issue is that this rampant fraud on the part of importers and PRC companies undercuts *entire industries* which we, the US, should make sure we have because they’re “strategically important.”
There used to be declarations of “strategically important” industries in the US supply chain. Electronics manufactures were one such, as well as steel, munitions, etc.
At the rate this “Free trade” idiocy is going, however, I fully expect to wake up one day and find out that the DOD has allowed Alliant Techsystems to be sold to the PLA. You know, the guys who run the Lake City munitions plant? Stock ticker ATK? They make great hairy gobs of 5.56 and 7.62 ammo? There’s nothing so strategically stupid I put it beyond the ability of the “free trade uber alles” crowd to accomplish now.
That said, I agree with you that it would take some skill to accomplish a malicious, remote-commanded problem in an Ethernet chipset, but it wouldn’t be too difficult for the PLA and their minions. The logic is already there in the chip to go deaf or go promiscuous, to do all the other functions I’ve described, so all you’d need to add would be a state machine and a byte-wise scanner to look for the pattern.
Everything it could do, however, would also be easy to do it with remotely inserted s/w, and the PLA has proven that they’re quite capable in the cyber-warfare realm and quite active too. I offer the NIC chipset scenario as a possibility when (if) Microsoft and the US Government (GSA and DOD) come up with software security strong enough to make the PLA’s cyberwarfare mission so difficult they have to resort to it. Right now, there’s so many avenues in through software, hardware attacks are low on the PLA’s priority list.
The PLA front company(ies) could take huge hits financially to accomplish this. Consider the hits the PLA businesses take when they screw up, or that their government is going to take *right now* as their economy’s idiotic devotion of huge resources into “see-through cities” comes to light. By “see through cities” I mean just that: There are huge tracts of apartment/condo buildings that have been built with state-backed financing that have no occupants - because the people cannot afford them. The PRC is finding out that the “if you build it, they will come” works only when people are rich enough to have a choice of “Well, I can go to the city with my bankroll and get an apartment... or I can milk these two cows and plow my field with them, lest my family starve” is tilted towards the former option. They’ve about exhausted the number of people who can do the first option... hence the see-through cities.
In the PRC, financial losses don’t carry the same sting as they do here. There’s no investigation, the whole thing is pretty much swept under fine silk rugs and ignored. Their current account surplus with the US means they don’t have to care. Yet another “own goal” for the “free trade” movement.
As to the other things you’ve discussed on this thread: Yea, I just don’t see any credence to the idea of trying to plant something into discrete components. Sure, they’re probably utter crap, out of tolerance and without reliability.... so there are doubtless higher failure rates, but trap doors? Nah, not seeing that. To pull off the trap, I’d speculate that they pull off my method: A seemingly mundane, absolutely ubiquitous chip with higher order functionality. Ethernet or other interface chips meet this description, because as long as they work... no one is going to give a rat’s rear end what might be activated via JTAG other other interfaces...
Now in the SOC... holy crap, is there opportunity for mischief. Everyone using a SOC is usually using it for reasons of cost-cutting, so if someone with seemingly credible rep comes along offering you 10K+ pieces at 20% off... SOC users will typically leap at that deal. I saw that too... and we were one of the first router vendors using SOC’s. The first SOC router we shipped was based on Moto’s Dragonball chip. The SOC was actually the second biggest COGS in the box, the DRAM was #1. No one is going to bother trying to do anything in DRAM chips - you could peel back the container, take a look with a common optical microscope and spot the “This bunch of gates doesn’t look like all the others” in a second of cursory examination.
But stuffing something in to a SOC? Easy. IBM told us just how easy and how much room there was left over on the silicon for most SOC’s. Their Cell Power Architecture building blocks left us gob-smacked at what IBM could fit onto a commodity-sized piece of silicon... back then, they were pitching us four CPU’s (without MMU or FPU), a whole bunch of interface logic, memory and cache controllers, the DRAM for cache, etc, etc. Utterly fantastic stuff... and that was back in 2000. What was bleeding edge for IBM back then is probably idiot level stuff now.
In the end, I foresee some of the tightest security stuff going back to custom FPGA’s which are programmed by either trusted vendors or the NSA/CIA/DOD with controlled distribution. Spendy, but much more secure.
Here’s why, BTW:
Thanks for the discussion but the use of all-caps is usually a wave-off for me.
I’ll just say that the IP, revenue and equipment failure issue of counterfeit-for-profit chips is trivial compared to the threat posed by (yes, good quality -Duh) counterfeit espionage chips.
And don’t knock Richard Clarke. He’s a stand-up guy (read: principled) who knows exactly what he is talking about regarding cyber warfare.
http://www.richardaclarke.net/
Right now, there’s so many avenues in through software, hardware attacks are low on the PLA’s priority list.
Bingo. and. In the end, I foresee some of the tightest security stuff going back to custom FPGA’s which are programmed by either trusted vendors or the NSA/CIA/DOD with controlled distribution. Spendy, but much more secure.
Bullseye again.
Unfortunately, bring those two together my friend. The latest rage in "hardware security" ironically is dynamically downloadable FPGAs. WHAT?! At EACH power on, the FPGAs download their programming (e.g. their functional circuitry) from local (which can be on another system...remote!) NV storage. YIKES! Talk about the ultimate in viral penetration potential. 100% legitimate chips from legitimate vendors with a wide open front door to have complete control over their functionality?!
So that's why I get in a tizzy and type ALL CAPS on these threads.
My gawd man, there's some scary shiite out there and it AIN'T KNOCK-OFF resistors and transistors and other "mislabeled" passives from China!
I still get a kick out of that. "It's a counterfeit part with a different part number stamped on it!" LOL. wth?
And fwiw, from a respectful disagreement (ALLCAPS) point of view, may I recommend that you temper your use of Pop Mechanics as a technical news source?
In past decades it was a nice Reader’s Digest of technology.
But it seems to have become the CBS Evening News of silly checkout stand nonsense.
A shame. It’s a toy balloon of content. Thin veneer with lighter-than-air inside.
The only sources I can provide are public domain via Google search. However, that is not where I receive my information. Take a clue from Mr. Clarke. He received regular, classified briefings on chip-based espionage.
You have no appreciation of the extent and capabilities of this penetration. Others who’ve received classified briefings do. A very well informed person even wrote a book about it. What more is required?
A) network/software "cybersecurity" hacking, data gathering
B) backdoor/trojan horse chip designs
C) IP Fraud/counterfeit chips
Totally different things.
Clarke talking explicitly and exclusively about A. Dumbstream media is reporting on C and inferring B.
B is economically unproductive compared to the wide open vulnerabilities in A, and C has nothing to do with B, since B can be done easier, cheaper and more surreptitiously in legitimate chips rather than risk red flags with C.
Understand, I’m still plenty pissed off by counterfeit parts from China. I’m plenty pissed off by counterfeit bolts, bolt steel, tool steel, carbide tooling, rifle scopes, etc.
Counterfeiting, knock-offs and IP theft by the PRC/PLA is costing this country’s private sector HUGE amounts of money - billions of revenue per year.
Our cowardly, supine pussies in office never, ever do anything about it - including the GOP, who thinks that making any move against China amounts to a re-enactment of Smoot-Hawley.
We cannot run our military if we have allowed all the strategic industries which supply the armed forces with parts, complete systems, etc to be put out of business by the GODDAMN COMMUNISTS. The only good communist is a DEAD one, IMO.
Only problem is that china is going to seem like Galt’s Gulch if the marxists here keep it up.
As I remember the story, there was a lot of blame put on Boeing for not following quality control standards with parts contractors. They had the same type of problem with their civilian planes, not just dept of defense contracts.
Maybe the relationship between Boeing and the dept of defense is just too cozy.
Actually, since my company makes all of the chips of consequence inside our products I am certain in what I say. Regarding the other chips, it is is irrelevant. Ls, Cs, Rs, Es, SOT23, etc, cannot be used for espionage. Our PAs come from the OEMs. What we do get via suppliers cannot be used for espionage.
I am not saying that it cannot be done and that the US should not be doing it, I’m just saying it does not happen in my companies products.
Like I was saying...
http://www.businessinsider.com/sergei-skorobogatov-defends-backdoor-claims-2012-5
BI: Could you respond to this Errata post specifically?
1) We have made no reference to any Chinese involvement in either of the released papers or any reference to espionage. Therefore we don't agree with Robert Graham's assertion that we suggest Chinese involvement. So we have no idea why people have linked the Chinese to this as it did not come from us.
2) As far as we are concerned the back door was implemented by the manufacturers at the design stage and we suggest that in the papers.
Ok? So now we can all agree that the article of the original thread is about fraudulently copied functional equivalents, and not Chinese espionage like Sergei Impliedalotovstov says he's not alluding to. And we can agree that your rebuttal's author Sergei found a method to read out Actel's FPGA programming....which would allow certain data to be read if you could clip wires onto that physical system.
Wooptiedoo! Anyone who has ever fired up an evaluation board with a microcontroller or FPGA from Actel or Xilinx has known this for decades.
I've already mentioned upthread a more glaring, public, non-hidden problem with FPGAs which have the ability to be programmed via serial links and networks. So yeah, those systems could be vulnerable to cyberattacks from Korea or Russia or Israel or China. But that is coming from insecure design and development of the intended, advertised product MADE IN THE USA. Not Chinese "backdoors" in resistors!
But Sergei Wrotealotovrot did a smart thing by fanning the espionage flames. Otherwise his "expose" of an obvious internal exploit for a particular US design would've gotten ho-hum interest from anyone who knew anything about JTAG programming of FPGAs. BTW, you realize that the engineers who implemented that JTAG logic function have a design spec internally, and they have a Verilog or VHDL description of it, and tested it internally. Anyone who worked on that project knows everything Sergei Didalotovnada learned, and was not under any kind of military clearance, and might not have even had a non-disclosure agreement with respect to emailing it to a colleague, customer, student or chinese spy!
There is an OBD-II test port under your dash in your car. Sergei Solderingiron could go to the dealer with your car and tap on to the link while the dealer connects his diagnostic computer, and Sergei could write a paper about undocumented OBD-II registers on your particular ECM.
That ECM and/or other chips in the car may be made in part or in whole in China. Some of the components may even be fraudulent copies of legitimate chips.
Sergei may have another interesting paper, and Sergei may be able to even write some registers to lean out your engine and burn a valve if you let him in the car and let him reprogram it.
But nobody in Beijing can flip a switch and make your car go dead in an intersection!
Test Port ≠ Remote Backdoor
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.