Chinese Regime Has Backdoor Access to US Systems

The Epoc Times ^ | 5/26/2012 | Joshua Philipp and Epoc Times Staff

[ex-Texan]

Alarming report reveals malware in silicon chips

A recent study found that a U.S. military chip manufactured in China—widely used in systems for weapons, nuclear power plants, and public transport—contains a built-in backdoor that allows the Chinese regime access to critical U.S. systems.

“In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for national security and public infrastructure,” writes security researcher Sergei Skorobogatov on his blog. Skorobogatov is from U.K.-based Hardware Security Group at the University of Cambridge, the group that conducted the study.

The Stuxnet weapon he refers to was a piece of malware that was able to physically destroy nuclear centrifuges at an Iranian nuclear plant.

Going off claims from some of the world’s top intelligence agencies—among them MI5, NSA, and IARPA—that computer chips could be preloaded with potentially devastating malware, Hardware Security Group decided to put this to the test.

“We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China,” Skorobogatov said. They used a new form of chip scanning technology to “see if there were any unexpected features on the chip.”

“U.K. officials are fearful that China has the capability to shut down businesses, military and critical infrastructure through cyber-attacks and spy equipment embedded in computer and telecommunications equipment,” he said, noting, “There have been many cases of computer hardware having backdoors, Trojans, or other programs to allow an attacker to gain access or transmit confidential data to a third party.”

Their complete findings will be published in September, in a paper called “Breakthrough silicon scanning discovers backdoor in military chip,” which Skorobogatov says “will expose some serious security issues in the devices, which are supposed to be unbreakable.”

The chip scanning technology is still relatively new, and thus, studies such as this are few and far between. Skorobogatov notes that 99 percent of chips are manufactured in China, and the prevalence of such malware is something he and his research group would like to investigate further.

Even so, the issue of the Chinese regime planting malware in exported technology is not unknown.

Back in July 2011, Greg Schaffer, acting deputy undersecretary of the Department of Homeland Security (DHS) National Protection and Programs Directorate, testified before the House Oversight and Government Reform Committee.

After being pressed with questions around this, Schaffer admitted he was “aware of some instances” of foreign-made software and hardware being purposely embedded with malware, The Epoch Times reported.

Rep. Jason Chaffetz (R-Utah) continued pressing Schaffer on this, and after trying to avoid the question or give vague responses several times, Schaffer admitted that he was aware of this happening, and said, “We believe there is significant risk in the area of supply chain.”

“This is one of the most complicated and difficult challenges that we have,” Schaffer said. “There are foreign components in many U.S. manufactured devices.”

Few details have been revealed since. Yet, in April 2011, the Commerce Department sent a survey to U.S. telecommunication companies—including AT&T Inc. and Verizon Communications Inc.—demanding “confidential information about their networks in a hunt for Chinese cyberspying,” Bloomberg reported in November 2011. Built-in Spying

Among the information requested were details on foreign-made hardware and software on company networks, and it asked about any findings of “unauthorized electronic hardware” or anything else suspicious, Bloomberg reported.

There seemed to be a tight lid on this, even then. A senior U.S. official spoke to Bloomberg on anonymity, noting, they report, “The survey represents ‘very high-level’ concern that China and other countries may be using their growing export sectors to develop built-in spying capabilities in U.S. networks…”

This was further exposed a month later by author and freelance writer Robert McGarvey, reporting for Internet Evolution. He was told by Don DeBolt, director of threat research at the New York security-consulting firm Total Defense, that “China has been bugging our computers for a long time,” and “We have seen cases where malware is installed at the BIOS level. Security suites do not detect it.” Computers all have a BIOS (Basic Input/Output System) chip that is sometimes hard-coded, meaning they can only be written once and contain information about the system’s hardware.

And just recently, on April 29, former U.S. counterterrorism czar Richard Clarke, who now runs his own cybersecurity firm, told Smithsonian Magazine that such Chinese malware even exists at the consumer level—in shocking prevalence—stating that everything from silicon chips, to routers, to hardware could be loaded with logic bombs, Trojan horses, and other forms of malware.

“Every major company in the United States has already been penetrated by China,” Clarke told Smithsonian Magazine.

“My greatest fear,” he continued, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese.

Related Articles

US Military Gearing Up for Cyberwar

“And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China. … After a while you can’t compete,” Clarke concluded.

[unkus]

Clinton was certainly party to it because of the money he received from the Chicoms.

[Chgogal]

Wall Street/Stockholders. We have to hit those quarterly forecasts, so we have to outsource to the cheapest bidder who happens to be China, our friendly enemy.

[GOPsterinMA]

“China, our friendly enemy.”

I love it! So true!!!

[GOPsterinMA]

Exactly!!!

Al Gore: “No controlling legal authority”

Traitorous trash!

[unkus]

Al Gore: “No controlling legal authority”

Traitorous trash!

---

And they CYA and protect each other.

Bastards, all.

[goron]

[uncommonsense]

China's not the only country tapping out malicious code. Pretty much every country that has access to the Internet is involved at some level.

There are high level, state sponsored efforts that companies and government agencies get Shanghaied by, and rouge, low-level criminal or hacker activities.

I don't consider farming out development of mission critical systems and components to be "stupid". The perps know what's at risk. It's all part of the globalist playbook.

[Soul of the South]

“I think most free trade advocates would make the argument that national security should not be farmed out to any foreign bidders, lowest bid or not. Some things are worth paying extra for.”

It is true the military is supposed to source domestically where possible. Unfortunately, huge segments of our industrial infrastructure no longer exist so it is not always possible to domestically source components. The military market is not large enough, even if it pays a premium price, to keep factories for many products running.

One example is the decline of the US textile and apparel business. It is likely the last domestic nylon yarn spinning plant will close within the next five years. With the recent passage of the Korea free trade bill it will be cheaper to import the yarn from Korea than keep the last US factory open.

The consumer “outdoor” industry uses a significant amount of nylon and polyester (tents, packs, clothing, other equipment). Legislation is now being pushed in Congress to eliminate tariffs on import of consumer outdoor products. Once that happens (likely 2013) as both parties are in favor, this source of domestic demand will go away (as will the tariff revenue to the US government for current imports). Say goodbye to domestic production of polyester and nylon yarns. Imagine all of the military products (clothing, parachutes, seating, ropes, body armor, velcro, parts) made from nylon and polyester. Without a consumer demand for domestic products, there will be no manufacturing infrastructure in place to make military products at any price.

Thanks to the loss of domestic manufacturing infrastructure over the past 20 years to Asia, we no longer have the manufacturing capability in place to support a protracted war. If this were 1941, we would be positioned to lose the war as we would not be able to import the raw materials, we would not have the factories in place, and we could not build the factories fast enough.

I’d rather pay $10 more for a domestic tent, $2.00 more for a domestic polyester shirt, or 50 cents more for a domestic plastic bowl than be in a position where this nation’s supply lines would be cut at the beginning of a conflict and the factories would not exist to be converted to war production. In the event of war with China, does anyone believe we will be able to import chips, clothing, tires, and other materials once the war begins?

[Toddsterpatriot]

None of our vital military components should be made in China.

[Carry_Okie]

Tapping out a signal that way would be troublesome.

I have a degree in signal processing. It's been a long time, but, having seen switches capable of sensing distinctions at -60dB, well, I have no idea any more what these guys can do now, so I asked. It would take a trigger string or spread spectrum key, but with so many devices that's not likely. The liability would be that once known, it could easily be canceled. The problem for the listener would be detecting and untangling the multiple identifiers amid so much noise.

My point in asking the question was to point out how unlikely it is that if the Chinese are that motivated to penetrate our systems, then we just should never buy the stuff. It can't be that much cheaper and what with the requirements of Mil-Spec documentation, they probably cheat on that too. Not that I think all that paperwork accomplishes diddly, but it is unfair to the domestic supplier. The benefit to us of having our auditors on the ground there was clearly illusory.

[Carry_Okie]

None of our vital military components should be made in China.

How about all those laptops Toddster??? Those get "vital" too, depending upon where they are used. This economy would come to a stand-still if they Chinks (and in this instance, pun intended, because that is what they are installing in our equipment) had so much as a "get lost, permanently" destruct mechanism.

You guys just don't think about possibilities very well when the prospect of an extra $.03 per part is waved in front of your nose.

[Toddsterpatriot]

How about those laptops?

I don't save $.03 per part.

You must be confused.

[green iguana]

“Skorobogatov notes that 99 percent of chips are manufactured in China”

Um, no. Not even close. Maybe .99%, but that seems a bit too high to me. Quite a bit too high, actually.

[green iguana]

None are. Taiwan is a different story, but China? No.

[GOPsterinMA]

Filthy, dripping, oozing whores - all of the Rats!!!

[Carry_Okie]

I don't save $.03 per part.

Apple, Acer, and others do. That's how those parts get here. Or do you know crap about manufacturing?

You must be confused.

Culpable denial is confusion in the eye of the beholder.

[sam_paine]

null&void: Weren’t you assuring us that this wasn’t happening just 2 weeks ago today?

No. It was exactly ONE week ago. Thanks for the ping to another anthill, tho. =)

The question is: does anyone really want to know that the author of the study in question (Sergei Skorobogatov) specifically said that what he found in an FPGA programming method had nothing to do with the Chinese?

Does anyone here really care about the real potential for espionage from Norks, Russians, and Chinese that can so easily be done via USA fabs and design houses?

Does anyone here care that these stories are being ginned and purposefully conflated with the instances of counterfeiting done in every country of origin with nothing to do with software/networking espionage like Stuxnet (which was also not Chinese)? Does anyone care that these stories are fanned by Richard Clarke and Carl Levin to push their establishment agendas, and distracts from the numerous "legitimate" ways to infiltrate US military systems.

IOW, these guys are interested in directing attention away from their buds in the existing sloppy military procurement bureaucracy, away from the wide-open real threats to espionage in San Jose, California, for example, and on to those bastard freetradecommies that everybody hates. Did Clarke mention he has a book out for sale?

Fake Chinese Parts 'Found In US Planes'

05/30/2012 12:54:31 PM PDT · 176 of 177
sam_paine to Justa; jrestrepo; NVDave

So now we all agree! Like I was saying...

BI: Could you respond to this Errata post ("Bogus story: no Chinese backdoor in military chip") specifically?

[Sergei Skorobogatov] 1) We have made no reference to any Chinese involvement in either of the released papers or any reference to espionage. Therefore we don't agree with Robert Graham's assertion that we suggest Chinese involvement. So we have no idea why people have linked the Chinese to this as it did not come from us.


[Sergei Skorobogatov] 2) As far as we are concerned the back door was implemented by the manufacturers at the design stage and we suggest that in the papers.

That is from your "rebuttal" link, Justy.

Ok? So now we can all agree that the article of the original thread is about fraudulently copied functional equivalents, and not Chinese espionage like Sergei Impliedalotovstov says he's not alluding to. And we can agree that your rebuttal's author Sergei found a method to read out Actel's FPGA programming....which would allow certain data to be read if you could clip wires onto that physical system.

Wooptiedoo! Anyone who has ever fired up an evaluation board with a microcontroller or FPGA from Actel or Xilinx has known this for decades.

I've already mentioned upthread a more glaring, public, non-hidden problem with FPGAs which have the ability to be programmed via serial links and networks. So yeah, those systems could be vulnerable to cyberattacks from Korea or Russia or Israel or China. But that is coming from insecure design and development of the intended, advertised product MADE IN THE USA. Not Chinese "backdoors" in resistors!

But Sergei Wrotealotovrot did a smart thing by fanning the espionage flames. Otherwise his "expose" of an obvious internal exploit for a particular US design would've gotten ho-hum interest from anyone who knew anything about JTAG programming of FPGAs. BTW, you realize that the engineers who implemented that JTAG logic function have a design spec internally, and they have a Verilog or VHDL description of it, and tested it internally. Anyone who worked on that project knows everything Sergei Didalotovnada learned, and was not under any kind of military clearance, and might not have even had a non-disclosure agreement with respect to emailing it to a colleague, customer, student or chinese spy!

Post Reply | Private Reply | To 174 | View Replies

176 of 177

[SaraJohnson]

Globalism is a suicide pact among the elitists. Citizens of the world - US politicans and private industry - could care less if the US is burried or not and they are making the suicidal decisions for the “their people” of the globe on global trade. All degrees of treason can be and are being rationalized.

[null and void]

Thanks for your prompt and excellent reply. I missed last weeks anthill, I found a similar one I was involved with on the 23rd.

To the degree that Chinese manufacturers robotically use our layouts and mask sets there is little danger of them using our designed in back doors.

Unfortunately we train a LOT of Chinese engineering students in our universities, and SOME of them are PLA officers, and SOME of them are quite capable of reverse engineering our designs to insert any back doors the Chinese government desires.

The rules of threat assessment call for identifying what an enemy is capable of doing, not necessarily what they are actually doing.

They are capable of inserting a dormant shut down code in every microprocessor they manufacture, some of those chips might work their ways into critical systems. Most will end up sprinkled throughout our electronic infrastructure.

How much havoc would ensue if say, 10% of our gas pumps, heart monitors TV stations and home shopping computers all died in the same hour is an exercise left to the reader...

[sam_paine]

They are capable of inserting a dormant shut down code in every microprocessor they manufacture, some of those chips might work their ways into critical systems. Most will end up sprinkled throughout our electronic infrastructure.

Of course that's correct....but....it's sooo much easier and more effective to "insert a test mode" via a commie sympathizer sellout round-eye in San Jose or Austin!

I'm sure you recognize that it's exceedingly hard and dangerous to slap in some hard logic into a mask and have it not only work, but not screw up other functionality or test vectors, risking discovery.

It's far easier to feed it in at the top of the food chain in HDL as a "test register" right out "in the open." Except "in the open" might be well documented on Page 1,442 of the design datasheet, which is an internal Intel or Freescale document that nobody in Federal Procurement will ever see, much less read.