Grey Tech
Are the components really counterfeit or are they "grey market" items?
An FBI probe has uncovered the use of counterfeit networking kit by the US military, but subsequent investigations suggest a counterfeit ring more interested in money making - rather than espionage - was behind the scam. Operation Cisco Raider led to the prosecution of 15 criminal cases involving the use of knock-off …
Grey market sounds more likely than actual fakes.
But the real story isn't the 'fake' gear, but the agenda that's being pushed.
An increasing number of stories are coming from the US about potential espionage or remote kill switches due to foreign sourced components.
This all sounds more like a protectionist ploy rather than a real threat.
One story was warning of the threat from French sourced bits providing a means of remotely disabling weapons systems. Which sounded like bollocks to me - quite how you'd activate an embedded semiconductor to do something, if this wasn't part of the overall system design, isn't really clear.
I can see how you'd do it with a PC, or a network switch, but getting paranoid about components goes too far.
Though it does make perfect sense it you're a US manufacturer trying to protect your pork supply in the face of superior imports...
Haven't there been cases of some Chinese (or other) plants making stuff for companies overseas running an extra shift or doing an extra production run or two to knock out some unauthorized additional products? The stuff might be made in the same factories, but not be "genuine", exactly. Also, if the place makes (for example), the main boards but doesn't do final assembly, they might be selling to someone else who is making the fake cases and putting it together.
"Grey" is usually stuff just sold in a market other than its intended one. And while it is illegal in the US to sell grey-market items as products intended for the US market (fraudulent), grey-market goods themselves are not prohibited here the way they are in the EU. There might be government / DoD rules about it, however.
I belive what happened was the manufacture in china for cisco, started selling the kits directly, and or they fell off the truck on the way to cisco..
Kind of like if you steel all the parts to make a Ferrari from the Ferrari plant . At that point is if counterfeit, or is a stolen Ferrari .
Oh buy cheap , sell high scam , that's the second oldest trick in the book and has been going on in the the land of the paranoid was incorporated in 1776 in the land of the paranoid and insecure .
I believe it is called the "American Way of Life and standard best corporate business practices Halliburton Style "
After all it is a scam a second country at level of society !
Unfortunately, this is "the next frontier" for phishing and other criminal data theft schemes. As countermeasures become more effective in blocking and stopping botnets and the usual means of capturing financial information (except in the jolly old UK, where "falling off the back of a lorry" is still the preferred method), "man in the middle" diversion of data streams will become more important. Fake hardware delivered to ISPs or even surreptitiously replaced in remote locations to divert specific addresses to phishing sites will become more important. Yes, it will be easy to find...once the problem is recognized - and that might take a while, given that the average ISP's attitude is "not my problem" when confronted with a security issue.
Even the technology isn't as difficult to create, as most devices would only need a change to the firmware to institute the diversion. Sophisticated stealth to match hashes and checksums isn't that hard, and programming can even reset to "factory" on power failure to prevent further snooping if the problem is detected.
No, laddies, THIS is the attack I'm afraid of. With the power of the information Mafia behind it, this could be happening even now and no one is the wiser for it...
Isn't it amazing. We give these countries all the technology and know-how so we can outsource commerce and industry because foreign labour is so much cheaper. This is something I've observed since WWll. First Germany and Japan. Then when their cost of living goes beyond a certain point commerce and industry finds some other cheap labour source. Korea, Taiwan, Vietnam and now, just to keep the shareholders happy, we pick the country with THE largest workforce in the world as a cheap source of labour.
Since the postwar years Germany has gone on to have one of the worlds strongest economies while Japan began by producing cheap imitation rubbish and where are they today? Look at the other cheap labour pools we've used along the way and look where they are, then imagine where China will be tomorrow.
Mine's the one hanging over the walking frame with the go-faster stripes.
>>getting paranoid about components goes too far.<< - They, being Americans, says it all !!
@Why did we buy Military Networking Gear from China? Are we that stupid??? - So that you can run Windoz for War on them !!
@Such Language - actually underlined *IS* the correct usage since "score" means to cut or gouge something and that mark is now made (usually) by ink ejected against the paper !! Besides which, only real or wannabe Septics use "underscore" !! Real English use "underline" !!
PH because she wouldn't care so long as she's under !!
" ...how they were able to modify a Sun Microsystems SPARC microprocessor to effectively create a hardwired backdoor .."
The compromised CPU was the LEON3 SPARC processor from Gaisler Research, not a SUN CPU. The conference paper is here if somebody actually wants to read it ...
https://db.usenix.org/events/leet08/tech/full_papers/king/king.pdf