Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Businesses Hardware Technology

Counterfeit Chips Raise New Terror, Hacking Fears 173

mattnyc99 writes "We've seen overtures by computer manufacturers to build in chip security before, but now Popular Mechanics takes a long look at growing worries over counterfeit chips, from the military and FAA to the Department of Energy and top universities. While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups, this article suggests just how easy it would be for chips embedded with time-release cripple coding to steal data or bring down a critical network - and how that's got Homeland shaking in its boots (but not Bruce Schneier). While PopMech has an accompanying story on the possible end of cheap gadget manufacturing in China as inflation rates soar there, it's the global hardware business in general that has DoD officials freaking out over chips."
This discussion has been archived. No new comments can be posted.

Counterfeit Chips Raise New Terror, Hacking Fears

Comments Filter:
  • ARRRGH! TERROR! (Score:5, Insightful)

    by Jeremiah Cornelius ( 137 ) * on Monday March 10, 2008 @04:05PM (#22706988) Homepage Journal
    EVERYTHING is now a "terror threat".

    Do you suppose someone figured out that "terror" is a funding goldmine? That the way to ride this gravy-train was to pump up the volume on the "terror" megaphone?

    It's pretty funny - 'til the unintended consequences land you "in internal exile", or "extraordinary rendition".
    • Re:ARRRGH! TERROR! (Score:5, Insightful)

      by corsec67 ( 627446 ) on Monday March 10, 2008 @04:24PM (#22707310) Homepage Journal
      Just like how "think of the children" is a useful phrase for fucking over the American people's rights.

      "Free speech" - "Think of the children", by the FCC
      "Marijuana/drugs" - "Think of the children", by the DOJ

      So, combine "think of the children" and "terrorists", and the Constitution becomes irrelevant.
      • by SleepyHappyDoc ( 813919 ) on Monday March 10, 2008 @04:54PM (#22707810)
        What about child terrorists?
      • Re: (Score:2, Interesting)

        by davester666 ( 731373 )
        It's already been done. The megaphone's that Homeland Security uses have already been hacked. They say "everything's fine" into the megaphone, but the evil terrorist's have hacked all of them so what comes out is "There's a terrorist everywhere, including inside your basement and inside your cellphone. You aren't safe anywhere."
      • by Ucklak ( 755284 )
        That's right. "Think of the Children" right alongside getting these chips "Certified" and "Tamper Proof".

      • So, combine "think of the children" and "terrorists", and the Constitution becomes irrelevant.

        I think the public is already cynical and jaded from overuse of these two expressions. What is needed now is an immediate putdown for them. Something snappy and to the point. Something like "The kids are alright." or "...and their 72 virgins." Once these reach meme status, the healing of western civilization (what's left of it) can begin.
    • Smoke and Mirrors (Score:3, Interesting)

      Absolutely. If there were any real threat of a problem here, it could easily be dealt with by very simple technology, but the major manufacturers seems to not want to do that and rather go off on a smoke and mirrors terror binge. Many CPUs have long had a unique serial number built into them. Intel even gained a lot of consumer wrath when they wanted to use this ID to make it easier for every Internet advertiser to track you and amass more personal data about you. But they never made it easy for the user
      • by mlts ( 1038732 ) *
        Another idea is to have a random value on the chip, and have a function that takes some input "X", concats it with the random value, then outputs a SHA-512 hash. The random value which is the seed of the hash would also be stored in a highly secure database at the chip maker's place.

        Then, the chip maker can tell someone that genuine chips, if given the value of "foo" with the function, will output a hash "bar", and then give a list of "bar" outputs. Then, periodically change the "foo" value so if someone
        • Oh, there are plenty of other things that can be done if you want to add stuff to the chip. My point was that more can be done with what is already on the chip, but the chip makers just are not doing it. As to the fake chip makers finding one good serial number, sure, they could find out a chips serial number if I can check my own, but having hundreds or thousands of new Dell or Lenovo notebooks all showing up on the database with the same serial number and a comment in the database "an end-user has already
          • I'm guessing this can apply to more than just CPUs, however current CPUs would be tremendously hard to counterfeit. How many people have significant resources invested in the chip industry? I think intel is the only one that's on to 45nm and moving on. Would counterfeit chips be able to come close performance wise? (Assuming the user won't notice anything under a 20% drop in speed)

            In other devices, the chips can probably be copied more easily, but replacing the chips would be quite difficult, like in say a
            • you still miss the fundamental fact that many chips like iPods are made IN CHINA, and assembled IN CHINA.... who's to say they don't simply hijack an iPod firmware to phone home? With so much made over their legally, watching for "illegal" hacks applied to the legal exports would be impossible if the Chinese really wanted to cause trouble.
    • by OTDR ( 1052896 ) on Monday March 10, 2008 @06:26PM (#22709072)
      One can find genuine reason to be worried with the US military without ever worrying over a problem so clever as counterfeit chips. US DoD has routinely exhibited worrisome practices for years.

      I work in the field of modeling & simulation supporting training and flight testing for the Army. Time and again when I've tried to find an ICD (interface control document) or spec on a low-level protocol for some box on an Apache Longbow in the end it discovered that the Government never bought said document from the manufacturer (McDonnell-Douglas, or now, Boeing). Each thing is simply an LRU (line-replaceable unit) black box whose innards are irrelevant -- the I/O is documented but when they fail the box goes back to the vendor for repair. And if you want the specs, call Boeing and they'll be happy to talk sales. US DoD acts this way in the name of "cutting costs" and the up-front bottom line probably is lower. For US companies, such as Boeing, this is no big deal since we're more or less all on the same team.

      Now, flash forward -- DoD is increasingly awarding aircraft contracts to non-US companies. Take the recent US Army LUH (Light Utility Helicopter) that went to EADS North America (or the Airforce tanker contract that went likewise to EADS). This same cost-cutting "don't need this spec or that spec" mentality is still used. Now you have entire military aircraft being delivered with large-scale black boxes (easier to build than counterfeiting chips) which are potentially just as rogue. Who's to say there's no malicious firmware in there? No one seems to be looking or caring. Can anyone prove that any given system isn't poised to intentionally upon receipt of some pre-planned stimuli?

      There's a lot more to worry about than "terrorists" -- mindless bureaucrats can be just as dangerous. The funny thing here is the opposition I've run into pushing for the adoption of Open Source tools. Despite a few agencies here and there employing Open Source with great success, a few memos of "endorsement," and a few official studies touting value, most DoD bureaucrats can't get past the "source is open to 'hackers' therefore must be a security threat" mentality.

      Department of Dumbasses, your US tax dollars at work.
    • by mrmeval ( 662166 )
      The law enforcement growth industry.
      http://deoxy.org/lawenfor.htm [deoxy.org]

      "Let's just say that those who don't study history are doomed to get their butts kicked by the geeks who do."
      --Kevyn http://www.schlockmercenary.com/ [schlockmercenary.com]

      And who would know history and how to rape the proletariat better than our two current parties?
  • by MichaelCrawford ( 610140 ) on Monday March 10, 2008 @04:05PM (#22706994) Homepage Journal
    There's been a problem for many years, in which bolts whose heads are marked to indicate that they are high-strength, are actually made from cheaper low-grade steel, and are therefor counterfeit.

    A construction worker was killed while torguing such a bolt while building the Saturn car factory. The head tore off and he fell to his death.

    In the same article where I read this, a general complained that you could find broken bolts littering the ground in the path of tanks on training maneuvers.

    There is a way to test bolts for strength, but it's expensive.

    • Re: (Score:3, Interesting)

      by TooMuchToDo ( 882796 )
      I would think this could be fixed by having an agreement with the manufacturer/provider that said they were financially liable if the material/product you received was not what you ordered.
      • by TubeSteak ( 669689 ) on Monday March 10, 2008 @04:40PM (#22707570) Journal

        I would think this could be fixed by having an agreement with the manufacturer/provider that said they were financially liable if the material/product you received was not what you ordered.
        Which means insurance, testing, paperwork (in triplicate at a minimum), inspections, etc etc etc.

        That'll significantly add to the cost when your price per unit is measured in pennies.
        • Which means insurance, testing, paperwork (in triplicate at a minimum), inspections, etc etc etc.

          That'll significantly add to the cost when your price per unit is measured in pennies.

          I agree, but space agencies have to deal with the extra costs due to electrical (and other related) components needing to be within more precise tolerances. Why not mission critical bolts? The space shuttle is held to the launch platform by two huge explosive bolts that only detonate and release the shuttle after the on-board computers determine all three main engines are fired up properly. How much is too much additional cost to ensure you don't lose a $1 billion+ space vehicle because of faulty bolts?

        • the trouble is middlemen going cheap... the guy that goes thru the hardware store not the actual supplier. That's because the real supplier is charging extra to hand sort and count them, and do pounds of paperwork for a "bolt" to get the contract. That's why "cheating" or "counterfeiting" is so profitable, even for the people that know they shouldn't buy the stuff.
    • Re: (Score:3, Insightful)

      by multisync ( 218450 )

      A construction worker was killed while torguing such a bolt while building the Saturn car factory. The head tore off and he fell to his death.


      Where the hell was this plant being built? That worker should have been wearing fall protection.
    • Re: (Score:3, Informative)

      Expensive? We did this in lab in engineering. You pull on the bolt until it fails. If I was building something I'd test one out of every 100. Just grab a random one and test it. If it fails way early put the entire shipment into hold.
      • by arivanov ( 12034 ) on Monday March 10, 2008 @04:31PM (#22707404) Homepage
        That is just for torque. This does not say anything about resistance to material fatigue and so on.

        Anyway, the only reason why Homeland Security is sh*** its pants on this is that the biggest spook sabotage achievement on USSR was apparently done this way when a gas pipeline blew up due to malfunctioning of counterfeit gear. However, we do not live in the 80-es. The computers and control gear has grown much more sophisticated and frankly, if anyone wants to plant such a bomb today they will do it in software. Much cheaper and much higher probability of success.
        • So you bend them or twist them or pull them. Material properties of steel are pretty well known and they're all related by some fun math.
          • by arivanov ( 12034 )
            yes, but bending, twisting and pulling to a programmed pattern is actually what requires expensive equipment. Ripping bolt heads of is quite easy by comparison.
        • Software? You mean those 1s and 0s right? They could just compile a nice data stealer, link in all the dependencies (theres probably some CS term for self-sufficient code) and put it on a ROM. When the time comes, just start reading off the ROM over whatever was being executed before. Modern CPUs are way over my head, but I assume there's some sort of hyper advanced analogue to not checking for interrupts and running on bare metal. The program executes, the chip halts or lets the OS panic into catatonia whe
      • Many companies do this as a standard process. The company I work for does this more randomly and its not just the "first shipment", its all shipments period. The things they test are tested for long term endurance to make sure it doesn't just "look okay". Fairly rarely that they see a counterfit/etc, and pretty quickly that they get using inferior materials turned around too.

        Of course in China and whatnot the requirements are much lower.
    • Re: (Score:3, Insightful)

      There is a way to test bolts for strength, but it's expensive.

      More expensive than wrongful-death compensation? Someone must have amortized this.
    • The failing bolt caused him to fall? What was he doing, leaning over an edge while putting all his weight on the wrench? The counterfeit bolt was part of the problem but it also sounds like they need to adjust their safe working practices. I don't mean to disparage the man who died. But that accident sounds like it could have been prevented even with the bogus bolt.
    • Re: (Score:2, Interesting)

      There is one simple time honored solution:

      Execute every manager and owner of a company found to engage in such corruption.

      Such corruption strikes at the very heart of civilized society, and it should be punished with ferocious justice. It is time people in positions of authority answer for their incompetence with their lives.
    • by dbcad7 ( 771464 )
      Although I agree with you that bolts which are improperly graded is a serious problem, I have to wonder about the cause of this fall.. Lets say he was torquing the bolt as you say, he would have still fallen if the socket slipped off the bolt.. so obviously he was not being safe... What's a greater concern, is that if all of these cheap bolts had survived torquing, it would not be known that there were weak bolts holding the building together.

      I would also point out, that when buying materials for construct

    • by ediron2 ( 246908 ) * on Monday March 10, 2008 @06:13PM (#22708912) Journal
      seriously, since this sounds wrong (several ways), where do you say you read this and when?

      I've spent ten minutes googling combinations of bolt, shear, torque, substandard, high-strength, fell, factory, saturn, construction, osha, death, died, fall-hazard, snopes, urban-legend and a dozen other word combinations... no sign of this in or out of snopes.

      Testing precisely is expensive. Testing within an order of magnitude isn't: twist until the bolt-head shears. As for low-grade metal being substituted in, I know a few pipefitters that can do a so-so job identifying metal composition by looking at how the metal grinds and the color of the sparks coming off the grinder.
  • ...for this [slashdot.org], after all.

    The focus of comments through the article was that very few people had actually come across counterfeit chips, and the financial repercussions were limited. This shifts the focus to security, which does raise different questions

    • Re: (Score:2, Informative)

      The only counterfeit chips I have seen came from the "grey" market. The original manufacturer had obsoleted the device (an operational amplifier) but the project had been so long in development it was impractical to re-engineer a fully qualified design to use more modern parts. (Medical equipment takes a long time to get through all the relevant testing to ensure compliance!)

      So, the use of one of the many obsolete parts vendors (companies that specialise in the supply of older parts, often bought as exce
      • To sumerise your post, due to regulatory (must use this exact part or go through recertification) and supply (manufacturer discontinuation) your company was pushed into taking the desperate measure of buying ICs from dubious suppliers without knowing thier original source.

        I wonder how often counterfiet chips end up in things like medical gear without being noticed, it is a rather scary thought and potentially far more dangerous than a carefully chosen substitution by engineers who know the product.
  • That's not Wise... they're Lays!
  • by Lemental ( 719730 ) on Monday March 10, 2008 @04:08PM (#22707054)
    This [sfgate.com] was only the beginning. Cant wait until next holiday season.
    • Sounds like a great tool for spear fishing. Buy a crate of 'em and ship them off to the various executive officers of (Fortune 50 for example) companies. All you need is someone to whip you up a custom trojan that'll slip by most virus scanners.
  • TFA (Score:4, Informative)

    by The Living Fractal ( 162153 ) <banantarrNO@SPAMhotmail.com> on Monday March 10, 2008 @04:08PM (#22707064) Homepage
    I didn't read TFA but is it suggesting that a highly advanced technology could be 'easily' counterfeited and delievered to US facilities? Assuming it would take another highly advanced country to do this... Doesn't this really mean war, not terror? If we find out a sovereign nation is attacking us through this channel I would call it war -- even if that means they are knowningly supplying terrorists with the chips instead of directly doing it themselves.

    The US DoD depending on the global hardware business is the scariest implication to me.

    And one more thing.. this almost sounds like it could be a back door for even stronger DRM technology, embedded in hardware, in our personal computers in the future. SO, how far off base am I this time?
    • Re:TFA (Score:5, Insightful)

      by zappepcs ( 820751 ) on Monday March 10, 2008 @04:16PM (#22707186) Journal
      I think you are pretty much right on target. An errant USB stick with malicious firmware could easily wait until it is plugged into a machine on a network with the desired domain name before releasing a small virus. It is not implausible, nor hard to understand this attack vector. That USB stick might be in the form of a cheap MP3 player.

      Without spraying details all over, there are many more ways to get a small piece of code inside a very secure facility, after which it's game on for the IDS system.

      Even if nothing is found in the wild like this, fear of it might indeed push DRM et al into all manner of devices.

      On the short list: Secure facilities should not be allowing electronic devices into their facilities. period. if they want to stay secure. No DRM should be trusted to fully do this job in such instances of security like are required for the Pentagon, military bases etc.

      Adding DRM to commercial and personal use devices will NOT... repeat NOT increase security.
    • Re: (Score:3, Interesting)

      by blhack ( 921171 )
      Terrorism is the new communism. Don't let the actual definition get in the way of people using this to incite fear.

      What we're talking about there is Cold war V2.0 with China.
      There is no shortage of people who theorize that Russia at one point might have been able to pull of some crazy hack that disabled all of our electronics using Tesla tech; what we're talking about here is an ACTUAL ability for China to do it.
      The real solution to this problem is to bring manufacturing back to the United States.

      Unfortuna
      • Re: (Score:3, Insightful)

        The government could also only buy components made in the untied states. Or at least the critical ones.
        • Clearly, this is the agenda of the piece. PopMech has been a fan press for the US arm industry since its inception "Look! A dive-bomber that will send Tojo to his divine reward!".

          They have seeded stories from Military and "Intelligence" sources for years.
        • Re: (Score:3, Interesting)

          by robertjw ( 728654 )
          Thing I don't get about this is the standards. Maybe general government use isn't the same, but back when I used to work for a company that made military equipment everything had to be to military specifications. Any changes had to be reviewed and approved by the DOD. I don't know if things have changed over the last 15 years, but this was a BIG deal then.
        • Re: (Score:3, Informative)

          The NSA fabs its own processors at Fort Meade.

          Most of these other chips are general purpose and used in a wide range of commercial applications. The idea in investing in the additional infrastructure to produce components locally will mean more foreign debt for US, increased taxes and would probably fail in the long run since licensing costs of all the various chips out there used in defence/aerospace would kill you if your only serving the military (commercial organisations wont buy if they can source it

    • Re: (Score:3, Informative)

      by Arioch5 ( 856338 )
      Being that I work for an engineering company which almost exclusively works on DoD contracts (or sub contracts). I can tell you first hand that DoD material does depend on global hardware companies. Almost any type of chip out there has a military rated version available. Heck there's even a term Military COTS (Military Commercial Off The Shelf), for items that are specifically designed for military use using readily available off the shelf parts. What I would ask you is how could you possibly expect th
    • In the traditional sense?

      If the US government (by extension, the wealthy, the connected, the power brokers, then the consumers/prosumers) want cheap goods, then they will be made in China or elsewhere. If the US wants security to not be threatened by counterfeit goods (bads) then it OUGHT to SHUT UP and bite the bullet and manufacture ALL infrastructure-threat-capable electronics domestically.

      But, it can't. It can't because to do so would buck or contravene many conventions, trade acts, and agreements. If t
    • Re:TFA (Score:4, Informative)

      by VValdo ( 10446 ) on Monday March 10, 2008 @04:55PM (#22707836)
      Doesn't this really mean war, not terror?

      I think it would depend on the context. From TFA:

      However, not all experts agree that the risk is severe. After all, there's never been a report of a foreign country or criminal outfit using such technology to steal information or commit sabotage. (The United States did successfully conduct such a mission against the Soviet Union during the Cold War.)

      If I'm not mistaken, the mission they are referring to [msn.com] was in 1982, when the US let the Soviet Union "steal" software that helped run a natural gas pipeline. The Russians were in the habit of stealing US technology, so the US secretly embedded the software with code that would- when run- cause the pressure in the pipes and pumps to go sky-high.

      The result:

      "The result was the most monumental non-nuclear explosion and fire ever seen from space."

      Was this an act of war? Not really, since the code was stolen. Maybe sabotage. Terrorism? No, but it probably sent a message to the Kremlin that stealing foreign technology may not be a good idea...

      W
    • I would call it war
      But the US government wouldn't.
      There are international treaties that regulate how you can or can't treat prisoners of war that the US government would rather not adhere to.
      If there isn't a war, just a bunch of "terrorist", you can simply ignore those treaties.

  • by Jeremi ( 14640 ) on Monday March 10, 2008 @04:11PM (#22707124) Homepage
    Counterfeit Chips Raise New Terror, Hacking Fears


    Indeed... the "War on Terror" is nothing more than various groups of people trying use terror to "hack our fears". The terrorists try to hack our fears to gain power over us, and the governments fighting them do the same.

  • Five Words (Score:5, Insightful)

    by sharp-bang ( 311928 ) <sharp...bang...slashdot@@@gmail...com> on Monday March 10, 2008 @04:12PM (#22707136) Homepage
    You get what you pay for.

    If you don't want counterfeit parts, pay for the appropriate controls and enforce them. The government has been trying to build government-class security and reliability on COTS technology for far too long.

    If that means domestic production, so be it.
    • Use of COTS parts is fine as long as:
      1. Reliability concerns are either accepted as non-critical, or mitigated through the use of controls such as parts caches
      2. TCO of product is cheaper
      3. Trust in the manufacturer/integrator is established

      If any of these items can not be successfully accommodated, then you shouldn't use COTS parts in your product. With respect to this discussion, #1 and #3 are in question, and debatably #2.
    • Five Words: You get what you pay for.
      Sometimes you get one free, it seems.
  • Turnabout (Score:2, Interesting)

    by Reader X ( 906979 )
    While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups

    One wonders whether the reverse is true, and if so, why other countries are not freaking out about it...
  • Maybe if these parts are so critical we should keep the manufacturing in the US?
  • "Hah hah!"

    "Someone set us up the server!"
  • by boristdog ( 133725 ) on Monday March 10, 2008 @04:24PM (#22707312)
    I was wondering why my new "Gatemay" computer had an "Inpel Inside!" sticker on it.
    • by querist ( 97166 ) on Monday March 10, 2008 @04:55PM (#22707838) Homepage
      I wanted to mod this up (funny), but I decided to comment instead...

      My brother has a Shrap calculator. (Yes, S-H-R-A-P, not Sharp). The lettering looks exactly like the lettering used by Sharp during that time period (1980s). He keeps it for the humor value.

      "From Shrap minds come shrap products..." :-)

      This kind of thing really does happen.
      • Heh. A friend who went to Hong Kong brought home some "SOMY" AA batteries.
      • by GiMP ( 10923 )
        It isn't a question if this "kind of thing really does happen", there are millions of counterfeit products out there. The question is where you're looking. You don't get a lot of counterfeits in the USA, though there are some imported. A lot of economy building/rebuilding countries are a haven for counterfeit goods.

        In Poland, I've read that according to polls, 50% of people admited to (still) buying counterfeit goods. I think this has a lot to do with the post-communist situation, where upon the lifting
      • Re: (Score:3, Funny)

        by dgatwood ( 11270 )

        And thanks to all the explosive batteries in the cheap knockoffs, from shrap products comes shrap nel....

      • by hurfy ( 735314 )
        hehe, i have blackmarket Compaq computer. The old Original one kinda sorta. Actually it is made to look like the second model but only has the power of the original. The keyboard design is copied (surely the attached keyboard was patented). The bios is probably stolen. Several other components are copies. NOTHING above the chip level is marked with anything whatsoever. No brand names, not even a part number on anything inside or outside. Wish i would have left it alone but i swapped out parts to make a mor
  • That we know of. There could be millions of rogue processors out there just waiting for a command to "turn on", or self-destruct. How would we ever know from the outside?

    Wasn't there some question about Levono's laptops recently and their potential to secretly spy on its users at a hardware level? While not exactly the same, it is similar.
  • More Word Games (Score:2, Insightful)

    by joebob2000 ( 840395 )

    Define Counterfeit

    Isn't this hashing over the same deal where the "counterfeit" parts were really just unauthorized copies of a good board? How is it "Anti-Terrorism" to terrify the crap out of unsuspecting people with far-fetched hypotheticals?

    Articles like: "The danger of installing foreign designed, foreign made black boxes in our infrastructure" just sounds obvious, and the answer is obvious too: make your own boxes.

    These so-called but not-exactly-counterfeits are a problem caused by a lot of shor

  • NSA (Score:2, Interesting)

    by guy5000 ( 1211440 )
    Doesn't the NSA make their chips domestically?
  • by scorp1us ( 235526 ) on Monday March 10, 2008 @04:35PM (#22707462) Journal
    Hardware is cheap, and there are always more than one way to skin a cat.

    Just do the same algorithm on different hardware architenctures and at least one different virtual machine implementations. (Use a minimum of three implementations!) Take the answer that two agree on and forward that on to the next step in the pipeline. It would be difficult if not impossible to produce a counterfeit chip that could produce undetectable deviations in both software and hardware machines.

    "Never set sail with only two compasses - use one or three."
    • That is nonsense. How do you know ahead of time the algorithm that is going to produce the desired result?

      Chips are so complicated and difficult to test that it might take anywhere from 1 second to a million years or more for the intentional defect to show up even if you guessed the correct algorithm.
  • the impetus for adding restrictions and obfuscations is most certainly NOT security in the DoD sense. methinks interested parties are trying to juxtapose priacy/DRM interests with security/terrorism concerns. there is no really good argument for increased in-silicon DRM as a means to end-to-end security except for the economic security of intellectuals and their property. the troubling aspect to any attempt at subverting counterfeit designs is that it encourages mechanism to obfuscate a digital design and
  • Well, wont that just suck.

    Cheaper chinese goods that are flooding in help keep prices down overall.
  • The CIA did this... (Score:5, Interesting)

    by bockelboy ( 824282 ) on Monday March 10, 2008 @04:40PM (#22707578)
    Isn't this what the CIA did to the USSR? They purposely sold the Soviets Counterfeit CPUs and other technology so their economy would be based on faulty technology.

    In fact, it culminated in the mid 80's when a brand new pipeline was turned on with turbines taken from America via a Canadian intermediary. The turbines purposely malfunctioned and the resulting blast was about 1/4 the size of Hiroshima. Taking out such an important oil pipeline made a non-trivial dent in the Soviet economy.

    Look up the "Farewell Dossier".

    What is old is new again.
  • Didn't the US government do exactly this sort of thing to someone else? I think it was a country in the Middle East, and it involved HP printers, IIRC.
  • by Animats ( 122034 ) on Monday March 10, 2008 @04:53PM (#22707800) Homepage

    The easy way to attack remote systems at the hardware level would be to preload a back-door key into Active Management Technology. [wikipedia.org] All the hardware is already there to remote control the computer, without any help from the operating system. By default, this feature is supposed to be disabled. But a minor firmware change, initializing the AMT unit with a second hidden key instead of leaving it disabled, would make it possible to take over any corrupted machine from a level below the OS.

    AMT is the latest form of this, but there's also ASF (AMD's version), and RCMP (works over UDP, while AMT is a web service).

    This is tough to detect, short of cutting open the network controller chip and tracing the wiring with a scanning electron microscope. That's quite possible and tools for it exist, but it's not cheap.

    • If AMT is active, it should show up on a port scan. No need to trace circuitry or anything fancy. The ports are well known, too.

      A UDP service would be a little harder to detect, but UDP ports can be scanned too.
  • by Stochastism ( 1040102 ) on Monday March 10, 2008 @05:16PM (#22708128) Journal
    This kind of illicit technology is usually (not always) about making a buck. It's cheaper to exploit software than physical chips.

    Fix the world's software and then those industrious rogues might decide the expense and lengthy process of counterfitting physical chips is worthwhile compared to a quick piece of spyware.
  • by smellsofbikes ( 890263 ) on Monday March 10, 2008 @05:19PM (#22708174) Journal
    In the early 1980's, the US produced intermittently buggy chips which we sold to the USSR in full knowledge that they'd disrupt production facilities. It worked very well. [nytimes.com] Why, then, wouldn't China do the same thing?

    As someone who works in chip verification, I can tell you it's very difficult with most chips to do this, as long as the chips are designed in the US -- which is still largely the case, that they're designed here and produced in fabs in China (because labor's cheap and they don't care if their workers are exposed to HF and silane as long as money's coming in.)
    You know *exactly* what size your chip die is. If the silicon comes back from the fab with a different-sized die, it will be very obvious. So nobody can put extra stuff onto an existing die. Die size is the single most critical aspect of most designs, because of the cost, so existing designs are jammed just as tightly as they can possibly be. You can't put more functionality into an existing die size. The problem, then, is letting your design out. (And even then, a competent chip designer could probably spot strange material on a smaller die because they're familiar with how the layout is supposed to look.)
    There are some amazing military-grade chips out there. I was reading about the Maxim DS3600 [maxim-ic.com] the other day -- on-chip encryption and tamper-sensing, including detecting temperature changes and reacting by blanking all the on-board memory and stored encryption keys in nanoseconds, far faster than dumping liquid helium onto the chip would be able to freeze the memory for decoding. (They use some whack process for continually load-levelling and rewriting the keys so you can't use stored oxide charge to read what was there before it got blanked, either.) That kind of stuff is on the common market, available for anyone to buy. I assume the military has better stuff yet, and espionage people even better.
    At the end of the day you have to be able to trust someone or you'll just crouch in your basement. But there are ways to verify a chip's functionality and look for clearly bogus interactions. Our chip test systems make it easy to distinguish chips from different silicon lots, much less from different fabs. As always, if you buy the cheap stuff you don't know what you're getting, but if you spend the money to do some research, you'll have a much, much better idea of what you're getting. In this case, money in the millions of dollars, granted, but if you're designing military-grade stuff, well, that's why you buy from companies with a track record of producing trustworthy stuff.
    • by Mike1024 ( 184871 ) on Monday March 10, 2008 @07:34PM (#22709810)

      existing designs are jammed just as tightly as they can possibly be. You can't put more functionality into an existing die size. [...] I was reading about the Maxim DS3600 the other day -- on-chip encryption and tamper-sensing, including detecting temperature changes and reacting by blanking all the on-board memory and stored encryption keys in nanoseconds, far faster than dumping liquid helium onto the chip would be able to freeze the memory for decoding.
      It's true that it would require extra space or rearrangement to add, say, a keylogger to a USB keyboard.

      But it would require only a handful of malformed vias among millions to make your 'military grade' memory-wiping electronics get stuck at 'do not wipe' and your built-in test hardware get stuck at 'no problem'.

      Just my $0.02
    • Re: (Score:3, Insightful)

      by LM741N ( 258038 )
      Well said. It is also extremely difficult to test microprocessors with millions of transistors. Same with memory. For consumer applications you can only afford small test coverage, otherwise the chip would cost $10,000. But like said above the military spends quite a bit of money for a lot of test coverage, but even they can't test everything.
  • http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com] still holds true.
  • Profit! (Score:3, Funny)

    by layer3switch ( 783864 ) on Tuesday March 11, 2008 @02:44AM (#22712818)
    1. Terror
    2. Religion
    3. ...
    4. Profit!

    I'm John McCain, and I approve this message.
  • For those interested, here is the relevant part about Schneier's comment :

    "It's certainly possible for the world's major espionage services to secretly plant vulnerabilities in our microprocessors, but the threat is overblown," says Bruce Schneier, chief technology officer of the data security company BT Counterpane. "Why would anyone go through the effort and take the risk, when there are thousands of vulnerabilities in our computers, networks and operating systems waiting to be discovered with only a few hours' work?"

  • Have they declared the War on Death yet?

    Seriously, _THAT_ is what they are concerned about -- counterfeit chips. The most expensive, slow and convoluted way of causing security leaks THAT WOULD NOT EVEN WORK IF PEOPLE KEPT SENSITIVE STUFF AWAY FROM THE PUBLIC NETWORKS IN THE FIRST PLACE.

    Why don't they worry about easier ways of causing trouble in a creative way such as, say, painting ships with explosive paints when they are serviced? Or causing trouble in very un-creative ways, what seems to work well anyw
  • Only now do they see (the American government) the folly at sending out everything to be outsourced in china??? Come on guys, you pay yourselves big salaries at our expense then you realize your mistake by sending everything overseas to have the "cheaper price" but don't even realize that now the Chinese can control all pcs with the click of a button....should they so choose to?

    "Sad but true"

Always leave room to add an explanation if it doesn't work out.

Working...