DoD or DoD'oh?

[twilyth]

Looks like the most secure networks on the planet could have been compromised. They're saying they weren't, but then how likely is that they would admit if they had?

Counterfeit Cisco components

U.S. military had counterfeit Cisco networking gear in its secure networks

For many in law enforcement and national security in the U.S. security concerns are very big after the FBI discovered that the U.S. military had bogus computer gear in use in its military networks. The fear is that counterfeit networking components could introduce Trojans and possible security breaches into secure networks in America.

According to The New York Times, the FBI ran an investigation called Operation Cisco Raider that has so far led to 15 criminal cases involving counterfeit products that were bought and in use by U.S. military agencies, military contractors and electric power companies in America.

Operation Cisco Raider uncovered 3,500 counterfeit Cisco network components, with an estimated value of $3.5 million. According to the FBI’s briefing of the Office of Management and Budget, the counterfeit equipment could allow the remote jamming of networks thought to be secure and possibly could allow access to networks remotely.

A Cisco spokesman told The New York Times, “We did not find any evidence of re-engineering in the manner that was described in the FBI presentation. We know what these counterfeiters are about." Cisco believes that the counterfeiters weren’t attempting to get products into the market that would allow intrusion into secure networks. Rather Cisco feels that the counterfeiters were simply trying to produce copies of popular products to make fast money.

The threat of gaining access to secure systems via backdoors and exploits in hardware is real. Researchers at the University of Illinois were able to modify a Sun Microsystems SPARC processor by altering a data file on the chip. The chip altered was used in automated manufacturing systems and the modifications allowed the researchers to steal passwords from the system the processor was used in.

The issue of compromised hardware used in defense systems was highlighted with the bombing of the suspected Syrian nuclear plant by Israel. In that recent example, security analysts believe antiaircraft weapons were compromised and were turned off remotely prior to the attack.

Compromised hardware isn't the only source of security breaches for secure networks. A simple phishing attack on one of the countries most prestigious research laboratories allowed the breach of information from networks at Los Alamos.

[mrcape]

lol @ Operation Cisco Raider

Who names this stuff?

[saaya]

The issue of compromised hardware used in defense systems was highlighted with the bombing of the suspected Syrian nuclear plant by Israel. In that recent example, security analysts believe antiaircraft weapons were compromised and were turned off remotely prior to the attack.

huh? what? when did israel bomb a nuclear plant in syria???

[nn_step]

Well atleast this will help enable open source hardware to start moving forward.

[[XC] gomeler]

Hahahaha! This is the ultimate way to intercept information. I imagine they didn't even screen the contractors, just let them in with their boxes.

huh? what? when did israel bomb a nuclear plant in syria???

I think it happened about a year ago? Don't think it was Syria though, wasn't it another country? I just remember analysts all getting pissy about the idea of it being a breeder/refinement reactor.

[Zytek_Fan]

huh? what? when did israel bomb a nuclear plant in syria???

A REALLY long time ago.

[twilyth]

Well atleast this will help enable open source hardware to start moving forward.

Open source? Hardware? Does not compute. Does not compute.

[nn_step]

Open source? Hardware? Does not compute. Does not compute.

http://en.wikipedia.org/wiki/Open_source_hardware

[twilyth]

http://en.wikipedia.org/wiki/Open_source_hardware

Interesting.

[nn_step]

Interesting.

now the really surprising part is that right now Open Source hardware is competitive against commercial processors in terms of performance

[[XC] gomeler]

A REALLY long time ago.

Oh, I must have been thinking of something else. Perhaps it was bombing something in Iran?

[Soulburner]

You guys are kidding, right?

The building was bombed last fall.

[Frank M]

What really scares me is this:

The threat of gaining access to secure systems via backdoors and exploits in hardware is real. Researchers at the University of Illinois were able to modify a Sun Microsystems SPARC processor by altering a data file on the chip. The chip altered was used in automated manufacturing systems and the modifications allowed the researchers to steal passwords from the system the processor was used in.

So the hw you are using could be spying on you without you ever knowing it?
I think I'll resort to my fingers and toes for my calculating needs
*tinfoilhat*

[gallardo]

So the hw you are using could be spying on you without you ever knowing it?
I think I'll resort to my fingers and toes for my calculating needs
*tinfoilhat*

That's the beauty of anonimity. Nobody cares about you so they don't bother hacking you.

[Speederlander]

huh? what? when did israel bomb a nuclear plant in syria???

Several months back.

[Speederlander]

A REALLY long time ago.

No, you are thinking of Iraq. Syria was recent.

[twilyth]

So the hw you are using could be spying on you without you ever knowing it?
I think I'll resort to my fingers and toes for my calculating needs
*tinfoilhat*

I have an old IBM XT with 256k (maybe 512k) of ram and an AST 6-pack that I guarantee is spyware free. And nn_step can probably get you Commodore 64. We just have to keep it on the down-low.

[Hornet331]

Well atleast this will help enable open source hardware to start moving forward.

never gona happen for military or other critical applications.

[Serra]

Well atleast this will help enable open source hardware to start moving forward.

?

Why, because people couldn't possibly counterfeit open source hardware and alter it to their own nefarious ends? Unless you're going to inspect the hardware to ensure it's what you asked for, I'm sure it's not possible to screen for people doing things to it.


In other news, I don't believe there is usefully any nefarious way to make use of this networking equipment. First off, passwords in any deployment aren't stored on the device... they're stored in a TACACS or RADIUS server, against which a person is authenticated. So no passwords. From there, any even slightly secure place will keep a traffic log, so if somehow they inserted code to trunk data from all ports out to a FW to a remote computer (which, incidentally, would surely set off an alarm when the traffic on that port constantly saturated its link) it should be caught before too long.

Let's take off our tinfoil hats and go home, nothing to see here...

[vitaminc]

huh? what? when did israel bomb a nuclear plant in syria???

I thought Germans would pay more attention to the world news instead of living under the rock like Americans, but I was wrong in generalizing.

You guys are kidding, right?

The building was bombed last fall.

Yup, but there's no nuclear plants, just a Syrian government building.

No, you are thinking of Iraq. Syria was recent.

Bombing was last year, AFAIK, the news came out recently in the past few months/weeks.

The Israelis Zionists are turning into terrorists. They had a picture of a North Korean nuclear scientist and Syria's Energy Department head together in Syria. So they bombed the building, believing Syria is refining materials for Nuclear weapons. But at the same time, Uncle Sam released news/informations on how the North Korean are faking all the time about their capabilities to produce nuclear weapons. So the whole thing is a freaking mass.