Posted on 06/05/2012 10:06:32 PM PDT by ex-Texan
Alarming report reveals malware in silicon chips
A recent study found that a U.S. military chip manufactured in China—widely used in systems for weapons, nuclear power plants, and public transport—contains a built-in backdoor that allows the Chinese regime access to critical U.S. systems.
“In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for national security and public infrastructure,” writes security researcher Sergei Skorobogatov on his blog. Skorobogatov is from U.K.-based Hardware Security Group at the University of Cambridge, the group that conducted the study.
The Stuxnet weapon he refers to was a piece of malware that was able to physically destroy nuclear centrifuges at an Iranian nuclear plant.
Going off claims from some of the world’s top intelligence agencies—among them MI5, NSA, and IARPA—that computer chips could be preloaded with potentially devastating malware, Hardware Security Group decided to put this to the test.
“We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China,” Skorobogatov said. They used a new form of chip scanning technology to “see if there were any unexpected features on the chip.”
“U.K. officials are fearful that China has the capability to shut down businesses, military and critical infrastructure through cyber-attacks and spy equipment embedded in computer and telecommunications equipment,” he said, noting, “There have been many cases of computer hardware having backdoors, Trojans, or other programs to allow an attacker to gain access or transmit confidential data to a third party.”
Their complete findings will be published in September, in a paper called “Breakthrough silicon scanning discovers backdoor in military chip,” which Skorobogatov says “will expose some serious security issues in the devices, which are supposed to be unbreakable.”
The chip scanning technology is still relatively new, and thus, studies such as this are few and far between. Skorobogatov notes that 99 percent of chips are manufactured in China, and the prevalence of such malware is something he and his research group would like to investigate further.
Even so, the issue of the Chinese regime planting malware in exported technology is not unknown.
Back in July 2011, Greg Schaffer, acting deputy undersecretary of the Department of Homeland Security (DHS) National Protection and Programs Directorate, testified before the House Oversight and Government Reform Committee.
After being pressed with questions around this, Schaffer admitted he was “aware of some instances” of foreign-made software and hardware being purposely embedded with malware, The Epoch Times reported.
Rep. Jason Chaffetz (R-Utah) continued pressing Schaffer on this, and after trying to avoid the question or give vague responses several times, Schaffer admitted that he was aware of this happening, and said, “We believe there is significant risk in the area of supply chain.”
“This is one of the most complicated and difficult challenges that we have,” Schaffer said. “There are foreign components in many U.S. manufactured devices.”
Few details have been revealed since. Yet, in April 2011, the Commerce Department sent a survey to U.S. telecommunication companies—including AT&T Inc. and Verizon Communications Inc.—demanding “confidential information about their networks in a hunt for Chinese cyberspying,” Bloomberg reported in November 2011. Built-in Spying
Among the information requested were details on foreign-made hardware and software on company networks, and it asked about any findings of “unauthorized electronic hardware” or anything else suspicious, Bloomberg reported.
There seemed to be a tight lid on this, even then. A senior U.S. official spoke to Bloomberg on anonymity, noting, they report, “The survey represents ‘very high-level’ concern that China and other countries may be using their growing export sectors to develop built-in spying capabilities in U.S. networks…”
This was further exposed a month later by author and freelance writer Robert McGarvey, reporting for Internet Evolution. He was told by Don DeBolt, director of threat research at the New York security-consulting firm Total Defense, that “China has been bugging our computers for a long time,” and “We have seen cases where malware is installed at the BIOS level. Security suites do not detect it.” Computers all have a BIOS (Basic Input/Output System) chip that is sometimes hard-coded, meaning they can only be written once and contain information about the system’s hardware.
And just recently, on April 29, former U.S. counterterrorism czar Richard Clarke, who now runs his own cybersecurity firm, told Smithsonian Magazine that such Chinese malware even exists at the consumer level—in shocking prevalence—stating that everything from silicon chips, to routers, to hardware could be loaded with logic bombs, Trojan horses, and other forms of malware.
“Every major company in the United States has already been penetrated by China,” Clarke told Smithsonian Magazine.
“My greatest fear,” he continued, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese.
Related Articles
US Military Gearing Up for Cyberwar
“And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China. … After a while you can’t compete,” Clarke concluded.
China probably manufactures all weapons and ammunition used by US troops and most of our military airplane parts. The whole world is corrupt and China is getting richer while we are getting poorer. Sad but true
*Ping* !
Yeah but their backdoor has on of our backdoors so.......well I wish. What the hell do we expect to happen when our chips are made by COMMMMMMUNNNIST CHINA.!!!
Nixon, Kissinger, China, “free trade,” RINOS.
See tag line.
I think most free trade advocates would make the argument that national security should not be farmed out to any foreign bidders, lowest bid or not. Some things are worth paying extra for.
DUH! Stupid is as stupid does.
All the people in positions to do anything about this are either quietly fixing the problem or think themselves immune to the disaster.
We’re lucky to have survived for this long.
To bad the greedy and stupid CEO’s strip mining our country for short term profits didn’t get the memo. China is strategically cleaning our clocks and the free trade crowd says look I made another 100 million so I must be successful. Profits are not everything and collapsing the economic system to prove this point is going to be painful.
Were the companies importing said products LIABLE for said risks, my bet is that they would not be doing this.
Kruschev once said, “We will hang you ... and you will sell us the rope”.
Close. “We’ll hang ourselves and buy the rope from you.”
Weren’t you assuring us that this wasn’t happening just 2 weeks ago today?
Normally all security critical systems are kept off the public internet, so there would be no way for a spyware worm to communicate with a back door. However there are tricks like putting the worm on a thumb drive, labeling it porn, and “losing” it in the parking lot of a secure facility.
One wonders if these chips can be queried through their power supplies via the power grid. Doubt it, but it would be interesting. If you did the transmission slow enough, the signal to noise might be lower and yet harder to detect.
And a foreign state owned telecommunication company is also a primary provider for sensitive US Government communications systems. But it’s okay, that government is mostly friendly to our causes - except when it’s not and actively works against us. That only happens every other year or so, so I guess that is a risk we can take.
Tapping out a signal that way would be troublesome. Computing equipment might sense power sags, but would be oblivious to any signal frequencies riding on the power wires, and would have no way of modulating same. That is, not without purpose built equipment, such as ethernet over power lines. And causing a sag to happen would be instantly seen as a bad, bad bug.
Manufacturing American military software in a potentially hostile country just amazes me. Whose dumb idea was this?
Whose dumb idea was this?
people who made a lot of money.
May they suffer greatly.
“Whose dumb idea was this?”
Bill Clinton’s?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.