Chinese Regime Has Backdoor Access to US Systems

Well what else is new __ ? Fools with power control everything today, even our top military staff and hundreds of computer systems run by the alphabet agencies

China probably manufactures all weapons and ammunition used by US troops and most of our military airplane parts. The whole world is corrupt and China is getting richer while we are getting poorer. Sad but true

*Ping* !

Yeah but their backdoor has on of our backdoors so.......well I wish. What the hell do we expect to happen when our chips are made by COMMMMMMUNNNIST CHINA.!!!

Nixon, Kissinger, China, “free trade,” RINOS.

See tag line.

I think most free trade advocates would make the argument that national security should not be farmed out to any foreign bidders, lowest bid or not. Some things are worth paying extra for.

DUH! Stupid is as stupid does.

All the people in positions to do anything about this are either quietly fixing the problem or think themselves immune to the disaster.

We’re lucky to have survived for this long.

To bad the greedy and stupid CEO’s strip mining our country for short term profits didn’t get the memo. China is strategically cleaning our clocks and the free trade crowd says look I made another 100 million so I must be successful. Profits are not everything and collapsing the economic system to prove this point is going to be painful.

I think most free trade advocates would make the argument that national security should not be farmed out to any foreign bidders, lowest bid or not. Some things are worth paying extra for.

Were the companies importing said products LIABLE for said risks, my bet is that they would not be doing this.

Kruschev once said, “We will hang you ... and you will sell us the rope”.

Close. “We’ll hang ourselves and buy the rope from you.”

Weren’t you assuring us that this wasn’t happening just 2 weeks ago today?

Normally all security critical systems are kept off the public internet, so there would be no way for a spyware worm to communicate with a back door. However there are tricks like putting the worm on a thumb drive, labeling it porn, and “losing” it in the parking lot of a secure facility.

Normally all security critical systems are kept off the public internet,

One wonders if these chips can be queried through their power supplies via the power grid. Doubt it, but it would be interesting. If you did the transmission slow enough, the signal to noise might be lower and yet harder to detect.

And a foreign state owned telecommunication company is also a primary provider for sensitive US Government communications systems. But it’s okay, that government is mostly friendly to our causes - except when it’s not and actively works against us. That only happens every other year or so, so I guess that is a risk we can take.

Tapping out a signal that way would be troublesome. Computing equipment might sense power sags, but would be oblivious to any signal frequencies riding on the power wires, and would have no way of modulating same. That is, not without purpose built equipment, such as ethernet over power lines. And causing a sag to happen would be instantly seen as a bad, bad bug.

Manufacturing American military software in a potentially hostile country just amazes me. Whose dumb idea was this?

Whose dumb idea was this?

people who made a lot of money.

May they suffer greatly.

Well at least we got a great deal on all those Chinese chips!

This is all just part of Slick Willie's legacy of 'free trade' and cheap Walmart junk retailing for less than US companies could make it for wholesale.

It's all about price afterall. If we would have wanted secure EPROM chips within the systems of our military's printed circuit boards, we could have made them here, but WOW, look at the low prices!

“Whose dumb idea was this?”

Bill Clinton’s?

Clinton was certainly party to it because of the money he received from the Chicoms.

Wall Street/Stockholders. We have to hit those quarterly forecasts, so we have to outsource to the cheapest bidder who happens to be China, our friendly enemy.

“China, our friendly enemy.”

I love it! So true!!!

Exactly!!!

Al Gore: “No controlling legal authority”

Traitorous trash!

Al Gore: “No controlling legal authority”

Traitorous trash!

And they CYA and protect each other.

Bastards, all.

China's not the only country tapping out malicious code. Pretty much every country that has access to the Internet is involved at some level.

There are high level, state sponsored efforts that companies and government agencies get Shanghaied by, and rouge, low-level criminal or hacker activities.

I don't consider farming out development of mission critical systems and components to be "stupid". The perps know what's at risk. It's all part of the globalist playbook.

“I think most free trade advocates would make the argument that national security should not be farmed out to any foreign bidders, lowest bid or not. Some things are worth paying extra for.”

It is true the military is supposed to source domestically where possible. Unfortunately, huge segments of our industrial infrastructure no longer exist so it is not always possible to domestically source components. The military market is not large enough, even if it pays a premium price, to keep factories for many products running.

One example is the decline of the US textile and apparel business. It is likely the last domestic nylon yarn spinning plant will close within the next five years. With the recent passage of the Korea free trade bill it will be cheaper to import the yarn from Korea than keep the last US factory open.

The consumer “outdoor” industry uses a significant amount of nylon and polyester (tents, packs, clothing, other equipment). Legislation is now being pushed in Congress to eliminate tariffs on import of consumer outdoor products. Once that happens (likely 2013) as both parties are in favor, this source of domestic demand will go away (as will the tariff revenue to the US government for current imports). Say goodbye to domestic production of polyester and nylon yarns. Imagine all of the military products (clothing, parachutes, seating, ropes, body armor, velcro, parts) made from nylon and polyester. Without a consumer demand for domestic products, there will be no manufacturing infrastructure in place to make military products at any price.

Thanks to the loss of domestic manufacturing infrastructure over the past 20 years to Asia, we no longer have the manufacturing capability in place to support a protracted war. If this were 1941, we would be positioned to lose the war as we would not be able to import the raw materials, we would not have the factories in place, and we could not build the factories fast enough.

I’d rather pay $10 more for a domestic tent, $2.00 more for a domestic polyester shirt, or 50 cents more for a domestic plastic bowl than be in a position where this nation’s supply lines would be cut at the beginning of a conflict and the factories would not exist to be converted to war production. In the event of war with China, does anyone believe we will be able to import chips, clothing, tires, and other materials once the war begins?

None of our vital military components should be made in China.

Tapping out a signal that way would be troublesome.

I have a degree in signal processing. It's been a long time, but, having seen switches capable of sensing distinctions at -60dB, well, I have no idea any more what these guys can do now, so I asked. It would take a trigger string or spread spectrum key, but with so many devices that's not likely. The liability would be that once known, it could easily be canceled. The problem for the listener would be detecting and untangling the multiple identifiers amid so much noise.

My point in asking the question was to point out how unlikely it is that if the Chinese are that motivated to penetrate our systems, then we just should never buy the stuff. It can't be that much cheaper and what with the requirements of Mil-Spec documentation, they probably cheat on that too. Not that I think all that paperwork accomplishes diddly, but it is unfair to the domestic supplier. The benefit to us of having our auditors on the ground there was clearly illusory.

None of our vital military components should be made in China.

How about all those laptops Toddster??? Those get "vital" too, depending upon where they are used. This economy would come to a stand-still if they Chinks (and in this instance, pun intended, because that is what they are installing in our equipment) had so much as a "get lost, permanently" destruct mechanism.

You guys just don't think about possibilities very well when the prospect of an extra $.03 per part is waved in front of your nose.

How about those laptops?

I don't save $.03 per part.

You must be confused.

“Skorobogatov notes that 99 percent of chips are manufactured in China”

Um, no. Not even close. Maybe .99%, but that seems a bit too high to me. Quite a bit too high, actually.

None are. Taiwan is a different story, but China? No.

Filthy, dripping, oozing whores - all of the Rats!!!

I don't save $.03 per part.

Apple, Acer, and others do. That's how those parts get here. Or do you know crap about manufacturing?

You must be confused.

Culpable denial is confusion in the eye of the beholder.

null&void: Weren’t you assuring us that this wasn’t happening just 2 weeks ago today?

No. It was exactly ONE week ago. Thanks for the ping to another anthill, tho. =)

The question is: does anyone really want to know that the author of the study in question (Sergei Skorobogatov) specifically said that what he found in an FPGA programming method had nothing to do with the Chinese?

Does anyone here really care about the real potential for espionage from Norks, Russians, and Chinese that can so easily be done via USA fabs and design houses?

Does anyone here care that these stories are being ginned and purposefully conflated with the instances of counterfeiting done in every country of origin with nothing to do with software/networking espionage like Stuxnet (which was also not Chinese)? Does anyone care that these stories are fanned by Richard Clarke and Carl Levin to push their establishment agendas, and distracts from the numerous "legitimate" ways to infiltrate US military systems.

IOW, these guys are interested in directing attention away from their buds in the existing sloppy military procurement bureaucracy, away from the wide-open real threats to espionage in San Jose, California, for example, and on to those bastard freetradecommies that everybody hates. Did Clarke mention he has a book out for sale?

Fake Chinese Parts 'Found In US Planes'

05/30/2012 12:54:31 PM PDT · 176 of 177
sam_paine to Justa; jrestrepo; NVDave

So now we all agree! Like I was saying...

BI: Could you respond to this Errata post ("Bogus story: no Chinese backdoor in military chip") specifically?

[Sergei Skorobogatov] 1) We have made no reference to any Chinese involvement in either of the released papers or any reference to espionage. Therefore we don't agree with Robert Graham's assertion that we suggest Chinese involvement. So we have no idea why people have linked the Chinese to this as it did not come from us.

[Sergei Skorobogatov] 2) As far as we are concerned the back door was implemented by the manufacturers at the design stage and we suggest that in the papers.

That is from your "rebuttal" link, Justy.

Ok? So now we can all agree that the article of the original thread is about fraudulently copied functional equivalents, and not Chinese espionage like Sergei Impliedalotovstov says he's not alluding to. And we can agree that your rebuttal's author Sergei found a method to read out Actel's FPGA programming....which would allow certain data to be read if you could clip wires onto that physical system.

Wooptiedoo! Anyone who has ever fired up an evaluation board with a microcontroller or FPGA from Actel or Xilinx has known this for decades.

I've already mentioned upthread a more glaring, public, non-hidden problem with FPGAs which have the ability to be programmed via serial links and networks. So yeah, those systems could be vulnerable to cyberattacks from Korea or Russia or Israel or China. But that is coming from insecure design and development of the intended, advertised product MADE IN THE USA. Not Chinese "backdoors" in resistors!

But Sergei Wrotealotovrot did a smart thing by fanning the espionage flames. Otherwise his "expose" of an obvious internal exploit for a particular US design would've gotten ho-hum interest from anyone who knew anything about JTAG programming of FPGAs. BTW, you realize that the engineers who implemented that JTAG logic function have a design spec internally, and they have a Verilog or VHDL description of it, and tested it internally. Anyone who worked on that project knows everything Sergei Didalotovnada learned, and was not under any kind of military clearance, and might not have even had a non-disclosure agreement with respect to emailing it to a colleague, customer, student or chinese spy!

176 of 177

Globalism is a suicide pact among the elitists. Citizens of the world - US politicans and private industry - could care less if the US is burried or not and they are making the suicidal decisions for the “their people” of the globe on global trade. All degrees of treason can be and are being rationalized.

Thanks for your prompt and excellent reply. I missed last weeks anthill, I found a similar one I was involved with on the 23rd.

To the degree that Chinese manufacturers robotically use our layouts and mask sets there is little danger of them using our designed in back doors.

Unfortunately we train a LOT of Chinese engineering students in our universities, and SOME of them are PLA officers, and SOME of them are quite capable of reverse engineering our designs to insert any back doors the Chinese government desires.

The rules of threat assessment call for identifying what an enemy is capable of doing, not necessarily what they are actually doing.

They are capable of inserting a dormant shut down code in every microprocessor they manufacture, some of those chips might work their ways into critical systems. Most will end up sprinkled throughout our electronic infrastructure.

How much havoc would ensue if say, 10% of our gas pumps, heart monitors TV stations and home shopping computers all died in the same hour is an exercise left to the reader...

They are capable of inserting a dormant shut down code in every microprocessor they manufacture, some of those chips might work their ways into critical systems. Most will end up sprinkled throughout our electronic infrastructure.

Of course that's correct....but....it's sooo much easier and more effective to "insert a test mode" via a commie sympathizer sellout round-eye in San Jose or Austin!

I'm sure you recognize that it's exceedingly hard and dangerous to slap in some hard logic into a mask and have it not only work, but not screw up other functionality or test vectors, risking discovery.

It's far easier to feed it in at the top of the food chain in HDL as a "test register" right out "in the open." Except "in the open" might be well documented on Page 1,442 of the design datasheet, which is an internal Intel or Freescale document that nobody in Federal Procurement will ever see, much less read.

Exactly, except the "round-eye" might well be a Chinese engineer who came here on a PLA sponsored student visa.

The saying here in Silicon Valley is:

Half the Chinese here are spying on us.
The other half are spying on them!

From the typical trash that is a utilities power line waveform, computer power supplies are already expected to produce a silky smooth DC at various levels and currents. Switching supplies are all the rage today. Now if a switching supply producer were in cahoots with a CPU producer and spyware designer, so as to selectively let “noise” in and out, there could be an interesting interaction. The switching supply would need a few smarts to be able to know when and what to pass through. It would take more than the dumb discrete designs of the present.

I don't save $.03 per part.

Apple, Acer, and others do.

Perhaps you should whine at them then, instead of at me?

Or do you know crap about manufacturing?

Whiner says what?

"Does anyone here really care about the real potential for espionage from Norks, Russians, and Chinese that can so easily be done via USA fabs and design houses?"

I can only speak for me - Yes, and assume others care based on what I read in comments on FR, like this from "null and void":

The rules of threat assessment call for identifying what an enemy is capable of doing, not necessarily what they are actually doing.

I like that quote a lot - given almost 30 years of high-end global industry experience (see note 1 below).

Based on your comments, I believe we're in agreement on the risk assessment facts from known design and engineering practices. We don't need to invent complicated engineering scenarios in order to be concerned about what's already installed across America and the globe that controls core elements of every day life.

The WashedUp Times pointed out some of the recently published studies on PLC vulnerabilities:

Project Basecamp at S4

"Project Basecamp had six great researchers looking for vulnerabilities in six different PLC’s / field devices, and the PLC’s took a beating. There were backdoors, weak credential storage, ability to change ladder logic and firmware, command line interface, overflows galore, TFTP for important files and so much more."

Cyber search engine Shodan exposes industrial control systems to new risks

Researchers found that one machine made by General Electric, the D-20, uses the same microprocessor installed in Apple computers two decades ago. The company that made its operating software stopped updating it in 1999. It is often shipped to customers with no meaningful security.“Security is disabled by default,” the manual says. “To log in, enter any name; you do not need a password.”
In a statement to The Washington Post, General Electric said: “The D-20 was designed for deployment in a layered security environment, in which asset owners and operators employ a range of measures to prevent, detect and respond to intrusions. GE actively works with our customers to design and support those security measures.”
The company added that the software for the machine “is designed to be secure and includes a layer of password-protection, which can be activated if the customer chooses to do so.”
Other machines had flaws that enabled the researchers to take control through electronic back doors.
In January, Digital Bond said the results were “a bloodbath, mostly.”
“Most of the guys were able to hack their controllers in a single day,” said K. Reid Wightman, a Digital Bond security researcher and former Pentagon cyberwarrior. “It’s just too easy. If we can do it, imagine what a well-funded foreign power could do.”

(1) My first professional job was in semiconductor manufacturing, not as an EE, but I designed their first distributed systems with desktops and "file servers" delivering integrated data from big iron global systems. And I pioneered some of the first commercial Software as a Service products. This was way before there were any books available on how to build, sell, run, scale, and support such products.

Clinton, the reason W Bush was the best President since Reagan even though W Bush stunk.

Is the Russian mob still after you?

Linking a video by the Loose Change truther?

You should be ashamed.

Amen to that!